Hi Brian, > -----Original Message----- > From: Brian E Carpenter [mailto:brian.e.carpen...@gmail.com] > Sent: Thursday, October 10, 2013 9:15 PM > To: Templin, Fred L > Cc: C. M. Heard; 6man-cha...@tools.ietf.org; Adrian Farrel; draft-ietf- > 6man-ext-trans...@tools.ietf.org; ipv6@ietf.org > Subject: Re: Adrian Farrel's No Objection on draft-ietf-6man-ext- > transmit-04: (with COMMENT) > > Fred, > > On 09/10/2013 04:28, Templin, Fred L wrote: > ... > > When Wireshark encounters a header type 253 or 254, it assumes it is > > an unknown extension header of length 8 bytes, then skips ahead and > > attempts to parse anything that follows as additional headers. > > They must have just made that up; there's no justification for it. > It could be an unknown extension header of unknown length, or it > could be an unknown payload of unknown length. In real life > I'd expect firewalls to default-drop such packets.
It could be that Wireshark has some kind of inference engine that says: "let's look ahead and see if the next octet looks like another NEXTHDR field, and if so keep on plowing through". It certainly surprised me. It might also be worth noting that tcpdump does not take this leap of faith and stops when it hits the first 253/254. > We'll note this issue in the Security Considerations. OK - thanks. Fred fred.l.temp...@boeing.com > Brian -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------