On Mon, 28 Nov 2005, Ole Troan wrote:
You said "There is no difference between a tunnel link and any other
link media I think."
That is the exact issue in my case for ND messages. If we just send a
packet tunneled, the TTL check for ND messages fails as we can send a
packet from multiple hops away by just adding another layer of
encapsulation.
the ND hop limit check does not fail. the ND packet is not forwarded
outside of the link. the tunnel link that is.
I think what Vishwas is failing to see is that you can't just tunnel
an arbitrary packet to an arbitrary host. The packet will be
discarded -- not decapsulated -- unless you can spoof it correctly to
match an existing tunnel that has been set up at the target node.
Maybe Vishwas has those (IMHO broken) implementations in mind which
accept any kind of IPv6-in-IPv4 or IPv6-in-IPv6 tunnel packet..
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
