Re: [v6ops] Extension Headers / Impact on Security Devices

Fernando Gont <fgont@si6networks.com> Tue, 19 May 2015 07:15 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE42E1ACD98 for <v6ops@ietfa.amsl.com>; Tue, 19 May 2015 00:15:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.003
X-Spam-Level:
X-Spam-Status: No, score=-0.003 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qBQZvDXW_UX0 for <v6ops@ietfa.amsl.com>; Tue, 19 May 2015 00:15:24 -0700 (PDT)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:8240:6:a::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 910131ACD37 for <v6ops@ietf.org>; Tue, 19 May 2015 00:15:23 -0700 (PDT)
Received: from [190.113.211.203] (helo=[192.168.43.9]) by web01.jbserver.net with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.85) (envelope-from <fgont@si6networks.com>) id 1YubkG-0005yg-Ja; Tue, 19 May 2015 09:15:21 +0200
Message-ID: <555AB8FA.2080405@si6networks.com>
Date: Tue, 19 May 2015 01:15:54 -0300
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Mark ZZZ Smith <markzzzsmith@yahoo.com.au>, Enno Rey <erey@ernw.de>, "v6ops@ietf.org" <v6ops@ietf.org>
References: <20150515113728.GH3028@ernw.de> <878002773.794.1431739346723.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <878002773.794.1431739346723.JavaMail.yahoo@mail.yahoo.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/nJxJg5re2YH16nnHtdsacFzgnps>
Subject: Re: [v6ops] Extension Headers / Impact on Security Devices
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 May 2015 07:15:26 -0000

On 05/15/2015 10:22 PM, Mark ZZZ Smith wrote:
> So quickly, how have IPv4 options been handled? They too can vary the
> location of the TCP/UDP etc. headers in an IPv4 packet. How have the
> variety and variable number of TCP options been handled? They too can
> vary the location of the TCP segment payload.

There are substantial differences here:

* The size of IPv4 options is very limited (well under 128 bytes)

* IYou only need to look at the IHL of the IPv4 packet to be able to
jump to the layer-4 protocol header. -- there's no such a thing in IPv6.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492