Re: [v6ops] Revised I-D: Advice on RA-Guard Implementation

Philip Homburg <pch-v6ops-3a@u-1.phicoh.com> Mon, 09 January 2012 11:46 UTC

To: Fernando Gont <fgont@si6networks.com>
From: Philip Homburg <pch-v6ops-3a@u-1.phicoh.com>
Date: Mon, 09 Jan 2012 12:31:22 +0100
Cc: v6ops@ietf.org

In your letter dated Sun, 08 Jan 2012 23:14:23 -0300 you wrote:
>The idea is that non-first fragments are always forwarded,
>whereas first-fragments are blocked if:
>
>a) We've found that what follows the fragment header is an RA packet, or,
>
>b) this is a first-fragment, and it is missing upper-layer protocol
>information.

In theory (when it comes to RA or other ND packets) it should be secure to
let the fragment through if the hop count is not equal to 255.
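
The quoted filtering rule and the hop-limit observation in the reply, as an added example that is not part of the original message or of the I-D. The function name, the `pass_if_hlim_not_255` switch and the packet builders are assumptions, the sample packets are constructed, and AH is not walked; a truncated unfragmented packet is dropped as well, which is also an assumption.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, ICMPV6, NO_NEXT, DEST_OPTS = 0, 43, 44, 58, 59, 60
ROUTER_ADVERT = 134  # ICMPv6 type of a Router Advertisement

def ra_guard_verdict(pkt: bytes, pass_if_hlim_not_255: bool = False) -> str:
    """Return 'forward' or 'drop' for a raw IPv6 packet seen on a host-facing port."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "drop"                    # not a complete IPv6 header
    next_hdr, hop_limit = pkt[6], pkt[7]
    if pass_if_hlim_not_255 and hop_limit != 255:
        return "forward"                 # reply's point: receivers discard such ND packets
    off = 40
    while next_hdr in (HOP_BY_HOP, ROUTING, DEST_OPTS, FRAGMENT):
        if len(pkt) < off + 8:
            return "drop"                # rule (b): header chain cut short
        if next_hdr == FRAGMENT:
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return "forward"         # non-zero offset: non-first fragment
            hdr_len = 8
        else:
            hdr_len = (pkt[off + 1] + 1) * 8
        next_hdr, off = pkt[off], off + hdr_len
    if next_hdr == NO_NEXT:
        return "forward"
    if off >= len(pkt):
        # rule (b); applied to unfragmented packets too (assumption)
        return "drop"
    if next_hdr == ICMPV6 and pkt[off] == ROUTER_ADVERT:
        return "drop"                    # rule (a): RA arriving from a host port
    return "forward"

# Constructed sample packets (fe80::1 -> ff02::1); checksums are left at zero.
def ipv6(next_hdr: int, payload: bytes, hlim: int = 255) -> bytes:
    addrs = bytes.fromhex("fe80" + "0" * 27 + "1" + "ff02" + "0" * 27 + "1")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, hlim) + addrs + payload

def frag(next_hdr: int, offset: int, more: int, data: bytes) -> bytes:
    return struct.pack("!BBHI", next_hdr, 0, offset << 3 | more, 1) + data

RA = bytes([ROUTER_ADVERT]) + bytes(15)
# First fragment whose Destination Options header claims 16 bytes but carries 8,
# so the ICMPv6 header would only arrive in a later fragment.
SPLIT_CHAIN = ipv6(FRAGMENT, frag(DEST_OPTS, 0, 1, bytes([ICMPV6, 1]) + bytes(6)))
```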