Hi, On Fri, Jun 19, 2015 at 09:56:20AM +0200, Ole Troan wrote: > >>>> Tell me this. Would you be happier if the fragmentation rule said that > >>>> the first fragment had to contain the entire IPv6 header, plus the > >>>> transport layer header (for ACL support)? I think Fernando would support > >>>> such a statement (I think I have "heard" him make such a statement). > >>> > >>> It would certainly make *me* happier???$,1s& > >> > >> done. > >> RFC7112. > > > > As I wrote in another mail, > > > >> It may be relevant to ask for RFC 7112 support next time we're doing > >> an equipment RFQ (in a few years). > > ... > >> But until RFC 7112 support is available, I believe we will > >> see a significant amount of breakage for IPv6 extension headers - and > >> header chains will be limited to significantly less than 1280 bytes. > > > > And until such support is available, we have to deal with the current > > mess. Which may imply more filtering than some people would like. > > I don???t think that follows.
I would second the observation that this (subsequent action) actually happens. Not least because many consider it a reasonable approach not to process and/or to drop something that induces complexity & insecurity and which at the same time is not needed by any service or application (read: all EHs except ESP and, maybe in some corner cases, AH+FH). thanks Enno > > cheers, > Ole -- Enno Rey ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 Handelsregister Mannheim: HRB 337135 Geschaeftsfuehrer: Enno Rey ======================================================= Blog: www.insinuator.net || Conference: www.troopers.de Twitter: @Enno_Insinuator =======================================================
