IPv6 Type 0 Routing Header issues
Jun-ichiro itojun Hagino
itojun at itojun.org
Tue Apr 24 00:25:27 CEST 2007
pekka, long time no see!
> Speaking of which, during the last couple of months some folks appear
> to have been testing these. Specifically, our egress source spoofing
> filters block some routing header packets between
> 2001:AD0:301:1002::/64 (DT-IPV6-EE-TLN-VS1) and 2001:730:5::/48
> (NEXTGEN-LAB). I wonder what those folks are trying to do, maybe test
> ingress filters or map topology using 'roundabout' traceroute..
the issue is rather horrifying, it could be the doomsday of the entire
Internet.
RFC1883 had upper limit in # of hops, 23 (strict/loose bitmap).
when Deering removed the field, he forgot to put the upper limit.
also, there's no limit in number of routing header present on a packet.
now, you will be able to compute how many source-routing hops a packet
(try MTU 1280 and 9000). try to compute maximum number of hops.
to prevent panic i'll leave it as an exercise for readers, but
it's mind-blowing. try it.
if you understood the risk, feel free to contact core at kame.net.
(but due to time difference many are in bed now)
pekkas, call me at +81 90 9158 7979 or +81 3 3490 9225.
(i slept only 4 hours since last Friday due to this issue, so keep
ringing)
itojun
More information about the ipv6-ops
mailing list