On 09/02/2013 09:11, Fernando Gont wrote:
> On 02/09/2013 04:57 AM, Brian E Carpenter wrote:
>>> Something that might make sense is to specify something along the lines
>>> of "if the size of the upper layer header is unknown (say, the upper
>>> layer protocol is implemented as a loadable module, in userland, or the
>>> like).
>>>
>>> Thoughts?
>> If you specify a minimum of 8 bytes that would cover most cases, wouldn't it?
>
> Not really. Firewalls look at many fields in the layer-4 headers -- and
> such stuff can be past the first 8 bytes. e.g. OpenBSD PF looks at stuff
> such as the initial TCP window for passive OS fingerprinting, such that
> you can filter based on the OS type. For instance, the ability to look
> at the TCP flags is mandatory for most firewalls.
But the job of this draft is to specify the "on the wire" behaviour of a
sending host. To do that, as far as I can see, you have specify how many
bytes of the transport header MUST be in the first fragment. Does it include
TCP options, for example? At the moment, the draft doesn't tell me what
to put in the code (regardless of where in the host stack this is coded).
Brian
>
>
>> I don't think you will find much enthusiasm among coders for a case statement
>> that adjusts the number of bytes according to the layer 4 protocol.
>
> There are a number of places where this could be taken care of:
>
> * The IPv6 layer, with a case statement (as you describe) -- there are
> not that many upper-layer protocols, anyway.
> * The transport layer (where you know the MTU, and you know how many
> bytes you're sending down the stack
> * The user application (If you're going to insert extension headers, do
> the math and make sure all the headers make it into the first fragment)
>
>
> If we fail to include critical information in the first fragment, such
> traffic will be dropped even more than it currently is.
>
> Cheers,
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
