At Thu, 10 May 2007 17:09:31 -0400, Joe Abley wrote: > > > The above sentences far more closely resemble what I meant to write, > compared to the text that actually appeared in the draft :-) > > I note that KAME's response to this is similar, but it's not clear > to me that it's precisely identical: a patched KAME implementation > treats the type 0 routing header as an unknown routing header > (according to <http://www.kame.net/newsletter/20070502/>). This > suggests to me that a patched KAME implementation will process a > datagram containing RH0, but that RH0 header(s) in the datagram will > not be acted upon. I would welcome corrections to my feeble > assumptions in this area (I have done no tests, nor read any source > code to confirm). > > A packet containing RH0 presumably is intended not to be processed > on the system identified by the destination address field; if it > was, no RH0 would be present. This suggests to me that "MUST drop" > is the right thing, rather than "process as if RH0 was not there"; > in addition, if we assume that today any packet with RH0 is likely > to be malicious, any processing of a packet containing RH0 which has > the potential to result in backscatter seems like it should properly > be avoided.
The Kame folks can comment on the current state of their change, they made a couple of them. In FreeBSD 6 an 5 (the stable branches) we have a sysctl to turn processing on and off. In 7 (aka HEAD or CURRENT) we treat the RH0 as unknown. Code diffs can be seen here: HEAD: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/route6.c.diff?r1=1.12;r2=1.13;f=h STABLE: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/route6.c.diff?r1=1.11.2.1;r2=1.11.2.2;f=h Best, George -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
