On 05/07/2014 04:05, Yannis Nikolopoulos wrote: > hello, > > how do people handle packets with HBH present? Since their use is a > potential attack vector, do people rate-limit them? I can't seem to find > some sort of "best practice" on the issue
I have the impression that they are simply ignored in many cases. That is simpler than rate-limiting. It is legal, because we reduced the requirement to processing them to a SHOULD in RFC 7045: The IPv6 Hop-by-Hop Options header SHOULD be processed by intermediate forwarding nodes as described in [RFC2460]. However, it is to be expected that high-performance routers will either ignore it or assign packets containing it to a slow processing path. Designers planning to use a hop-by-hop option need to be aware of this likely behaviour. - Brian > cheers, > Yannis >
