> I would prefer to not split too many hairs. I believe we want RH0
> off, and if that is the case we should clearly state that:
>
> IPv6 nodes MUST NOT originate packets containing RH0 and SHOULD return
> a Parameter Problem ICMPv6 message with code of 2 Unrecognized IPv6
> Option Encountered when such packets are received.
>
> That is in line with RFC 2463 in terms of error handling, gives users
> of the network sufficient debugging information without there being a
> new hole opened for attack, and leaves open the possibility that no
> error is returned at all, likely through the use of a kernel tuning
> variable (sysctl in FreeBSD).

we may need more precise wording on "such packets are *received*".
is it when ip6.ip6_dst is one of the node's addresses? (intermediate
node on rthdr0 hop lists or final node)
or could it be a router which has a totally different address?
see OpenBSD/Apple MacOS X sys/netinet6/ip6_input.c, they are really
paranoid about this (took the latter approach). they're good.

and no, remove the sysctl, please. a bad guy can install freebsd on his
old machine and place it on an open IPv6 network to damage the whole
planet. "protected by root privilege" means nothing.

itojun
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
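
The reply above asks whether "received" means only packets whose ip6_dst is one of the node's addresses, or any packet a router sees. The sketch below is an added example, not code from this thread or from the OpenBSD or Mac OS X sources it mentions; it illustrates the second reading by walking the extension header chain without ever consulting ip6_dst. The function name `ip6_has_rh0` and the sample packet are assumptions constructed for illustration, and what to do on a match (drop, ICMPv6 error) is left to the caller.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IANA protocol numbers of the extension headers this walker understands. */
enum { NH_HOPOPTS = 0, NH_ROUTING = 43, NH_FRAGMENT = 44, NH_AH = 51, NH_DSTOPTS = 60 };

/* Hypothetical helper: 1 if a type 0 routing header is present, 0 if the
 * chain ends without one, -1 if the packet is truncated or not IPv6.
 * ip6_dst is never read, so the verdict is the same on any node. */
int ip6_has_rh0(const uint8_t *pkt, size_t len)
{
    if (len < 40 || (pkt[0] >> 4) != 6)
        return -1;
    uint8_t nh = pkt[6];   /* Next Header field of the fixed header */
    size_t off = 40;       /* the fixed IPv6 header is 40 bytes */

    for (;;) {
        if (nh != NH_HOPOPTS && nh != NH_ROUTING && nh != NH_FRAGMENT &&
            nh != NH_AH && nh != NH_DSTOPTS)
            return 0;      /* upper-layer protocol: chain ended */
        if (off + 8 > len)
            return -1;     /* every header handled here is at least 8 bytes */
        if (nh == NH_ROUTING && pkt[off + 2] == 0)
            return 1;      /* Routing Type field is 0 */

        size_t hlen = 8;   /* the fragment header has a fixed size */
        if (nh == NH_FRAGMENT) {
            /* Non-first fragment: what follows is payload, not headers. */
            if (((pkt[off + 2] << 8) | pkt[off + 3]) & 0xfff8)
                return 0;
        } else if (nh == NH_AH) {
            hlen = ((size_t)pkt[off + 1] + 2) * 4;  /* AH length is in 32-bit words */
        } else {
            hlen = ((size_t)pkt[off + 1] + 1) * 8;  /* Hdr Ext Len is in 8-octet units */
        }
        if (off + hlen > len)
            return -1;
        nh = pkt[off];     /* each header starts with its own Next Header */
        off += hlen;
    }
}

/* Constructed sample: fixed header, 8-byte hop-by-hop header, then a
 * 24-byte RH0 (one address, Segments Left 1) ending in No Next Header. */
static const uint8_t sample_rh0[72] = {
    [0] = 0x60, [5] = 32, [6] = NH_HOPOPTS, [7] = 64,
    [40] = NH_ROUTING, [48] = 59, [49] = 2, [50] = 0, [51] = 1,
};

int main(void)
{
    printf("rh0 present: %d\n", ip6_has_rh0(sample_rh0, sizeof sample_rh0));
    return 0;
}
```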