On 4/28/2015 10:44 AM, Templin, Fred L wrote: >> There are different IP protocol numbers for encapsulating IPv4 and >> > IPv6. 0x4 is the IP protocol for IPIP, 0x29 is the number for IPv4 > > Right, that makes two ways of doing things (same as in AERO).
Which means: a) you now need to decide what to do when the two things disagree. Do you check this? is this a vulnerability? b) you now need to have a rule for what to do when you're not using 4 or 6, e.g.: > So, the rule could be "if the first four bits > encode some value other than 4 or 6, examine the IP protocol number > in the GUE header". Why two rules? What you really wanted - and needed - was a field in the GUE or AERO header that said "this is IP, this is signal, this is MPLS, etc.". Once you say it's IP, you should leave the rest to IP. The same holds for EVERY other protocol. Joe _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
