On 2011-02-05 03:02, Thomas Narten wrote:
> Brian E Carpenter <[email protected]> writes:
> 
>> OK, something like
> 
>>    Although the flow label is defined as immutable once it has
>>    been set to a non-zero value, implementers should be aware
>>    that it is an unprotected field that could have been accidentally
>>    or intentionally changed en route. Implementations MUST
>>    take appropriate steps to protect themselves from being
>>    vulnerable to denial of service and other types of attack that
>>    could result.
> 
> This sounds about right.
> 
> To put this in perspective, routers can't assume the source or
> destination address in a packet has not been modified since leaving
> the originator. But that doesn't cause us all to Freak Out! :-)

Correct. There's a subtle difference though - if the flow label
alone has been changed, the packet has in fact been delivered
to the correct place and any reply packet will be sent to the
correct place. So the attacks and side-effects are a bit different
than if one (or both) addresses were changed.

   Brian
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
