On Thu, 13 Dec 2001, Vladislav Yasevich wrote: > In may opinion ( already stated about 2 months ago) there are really no > problems with Routing Headers. > > I am really thinking about this in terms of forwarding. If while > processing the routing header, I have to forward the packet off the > node, then all the "router" rules apply (i.e I have to have forwarding > enabled).
I believe this is not how most implementatios have done this. Else for example "round-trip traceroute" would never have worked. > If the packet is forwarded to the same node (looped back), > then I am not really forwading this, and the node consumes the packet. > > We don't needlessly drop packets, MIPv6 is happy, and there are no > holes that I can see (I may be blind though:) My biggest worry is that RH processing, what you call forwarding to the same node, cannot be disabled in hosts. Other worries include bringing every node in the Internet "on-link" to a certain point. That is, when you're on-link you can do stuff like: route add -host 127.0.0.1 <some on-link target> route add -host <private interface address of an on-link target> <onlink target> [ping -t 255 <onlink-target> (so that the packet is received with 255 hop limit -- NOTE! this is only with tunneling, not applicable to RH] etc. My take is that I certainly wouldn't like anyone at all being able to do these because routing headers must be processed, and if they're "local" "forwarded" on the same node. Therefore I think stricter rules on the applicability of RH are definitely needed. In most cases, it's not necessary to be able to do. But please, if you have specific arguments, have a look at my draft. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
