This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[ipv6-wg] [v6ops] Extension Headers / Impact on Security Devices

Previous message (by thread): [ipv6-wg] [v6ops] Extension Headers / Impact on Security Devices
Next message (by thread): [ipv6-wg] [v6ops] Extension Headers / Impact on Security Devices

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Joe Touch touch at isi.edu
Fri Jun 19 00:32:19 CEST 2015

On 6/18/2015 3:00 PM, Gert Doering wrote:
> Hi,
>
> On Wed, Jun 17, 2015 at 04:46:03PM +0000, Fred Baker (fred) wrote:
>> Tell me this. Would you be happier if the fragmentation rule said that the first fragment had to contain the entire IPv6 header, plus the transport layer header (for ACL support)? I think Fernando would support such a statement (I think I have "heard" him make such a statement).

It makes sense to require all of the HBH and routing headers in the 
first fragment.

The rest is impossible to mandate and irrelevant. Anything that looks 
far enough into a packet to need to find the transport header might be 
looking several layers of encapsulation in; that's acting as an 
endpoint, and ought to reassemble the packet at that point.

Joe

Previous message (by thread): [ipv6-wg] [v6ops] Extension Headers / Impact on Security Devices
Next message (by thread): [ipv6-wg] [v6ops] Extension Headers / Impact on Security Devices

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ipv6-wg Archives ]