On Fri, 14 Dec 2001, Vladislav Yasevich wrote:
> RFC 2460 states the following:
>
> > router - a node that forwards IPv6 packets not explicitly
> > addressed to itself. [See Note below].
>
> and the conseptual sending algorithm is this:
> > else {
> > swap the IPv6 Destination Address and Address[i]
> >
> > if the IPv6 Hop Limit is less than or equal to 1 {
> > send an ICMP Time Exceeded -- Hop Limit Exceeded in
> > Transit message to the Source Address and discard the
> > packet
> > }
> > else {
> > decrement the Hop Limit by 1
> >
> > resubmit the packet to the IPv6 module for transmission
> > to the new destination
> > }
>
> One could argue that after the source routed packet is processed and
> resubmitted for transmision, it's is no longer addressed to the node
> processing it (the source is the original source and the destination
> is the next hop). Thus, the node in effect is forwarding this packet.
> "Forwarding" is a function of router thus, in my mind the node has to
> be configured as router and has to obey all the router rules.
This is a very good argument which I haven't seen presented yet.
The text might be clearer on this. Thanks.
I think I'll reflect this in my draft, list the issues currently there
with a note and describe a new scenario or two where this is not strict
enough.
> > Nonetheless, discussion in 2.5.1. and security considerations apply.
> > IMO, "same-node" does not seem to be a strict enough requirement, if one
> > assumes this kind of routing header processing would have to be enabled on
> > *every* host.
>
> I beleave that's what 2460 assumes.
This is worse than with IPv4 (there, hosts should basically disable
routing header even though local by default). (note that RFC1122 3.3.5
uses a different interpretation of 'local').
> > Addrarch requires that these packets to loopback, site/linklocal are
> > dropped at input. However, I'm curious whether all implementations
> > process the packets received through this mechanism via the same input
> > functions as regular packets would have been -- that is, has someone
> > created "shortcuts" here..
>
> This would be a bug in the implementation and the implementation needs
> to be fixed. It doesn't make sence to impose restriction on a well
> behaving implementation.
Well, the problem is -- how can we know if some implementation does this
or not? The description of behaviour (example: source routes outside of
node, above) are sometimes a bit fuzzy.
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
