On Nov 5, 2008, at 5:41 PM, Martin d Anjou wrote:
> I would like to know how wireshark is expected to behave in the presence
> of an "unknown" ipv6 extension header when it is formed of a Next Header,
> a Hdr Ext Len, and data. Is wireshark able to "jump" over the unknown
> extension header (using the Hdr Ext Len) and keep searching for next
> headers and eventually find L4 protocols like TCP?

No - is anything *else* able to do so?

And what indicates which unknown headers are extension headers (and
should be skipped over) and which are just protocols that run over IP
and that you don't happen to know about?

All I see in RFC 2460 is

    In IPv6, optional internet-layer information is encoded in separate
    headers that may be placed between the IPv6 header and the upper-layer
    header in a packet. There are a small number of such extension
    headers, each identified by a distinct Next Header value.

which seems to suggest that only headers in that "small number" are
non-final headers, and

    If, as a result of processing a header, a node is required to proceed
    to the next header but the Next Header value in the current header is
    unrecognized by the node, it should discard the packet and send an
    ICMP Parameter Problem message to the source of the packet, with an
    ICMP Code value of 1 ("unrecognized Next Header type encountered") and
    the ICMP Pointer field containing the offset of the unrecognized value
    within the original packet. The same action should be taken if a node
    encounters a Next Header value of zero in any header other than an
    IPv6 header.

which doesn't leave much provision for intermediate nodes (or final
nodes, for that matter) ignoring unknown headers.

This doesn't seem to suggest that skipping over unknown headers is
necessarily the right thing to do.
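
An added example, not part of the original message and not Wireshark's code: a minimal Python walker for the Next Header chain that skips only the extension headers it recognizes and, on any other value, stops and reports the offset that the RFC 2460 text quoted above puts in the ICMP Parameter Problem pointer. The function names, the constructed sample packets, and the use of experimental protocol number 253 as the "unknown" header are assumptions made for illustration.

```python
import struct

# Extension headers this parser recognizes (RFC 2460 set plus AH). ESP (50) is
# left out because everything after it is encrypted.
HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS = 0, 43, 44, 51, 60
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS}
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No Next Header"}

def walk_chain(packet: bytes):
    """Return (verdict, next_header, offset).
    'upper-layer':  offset is where the upper-layer header starts.
    'unrecognized': offset is the octet holding the unknown Next Header value
                    (the value the ICMP Parameter Problem pointer would carry).
    'fragment':     non-first fragment; offset is where fragment data starts.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, nh_field, off = packet[6], 6, 40
    while nh not in UPPER_LAYER:
        # Unknown value, or Hop-by-Hop (0) anywhere but right after the IPv6 header.
        if nh not in EXT_HEADERS or (nh == HOP_BY_HOP and nh_field != 6):
            return ("unrecognized", nh, nh_field)
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        if nh == FRAGMENT:
            length = 8                              # fixed size, no length field
        elif nh == AH:
            length = (packet[off + 1] + 2) * 4      # 4-octet units, minus 2
        else:
            length = (packet[off + 1] + 1) * 8      # 8-octet units, minus 1
        if off + length > len(packet):
            raise ValueError("extension header runs past end of packet")
        if nh == FRAGMENT and struct.unpack_from("!H", packet, off + 2)[0] >> 3:
            return ("fragment", packet[off], off + length)
        nh, nh_field, off = packet[off], off, off + length
    return ("upper-layer", nh, off)

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed sample packet: :: -> ::1, hop limit 64."""
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + bytes(16) + bytes(15) + b"\x01" + payload

TCP = bytes(20)                                   # constructed, all-zero TCP header
PAD = b"\x01\x04" + bytes(4)                      # PadN option filling 6 octets
KNOWN = ipv6(DEST_OPTS, bytes([6, 0]) + PAD + TCP)
# Constructed "unknown" header 253, laid out as Next Header, Hdr Ext Len, data.
UNKNOWN = ipv6(DEST_OPTS, bytes([253, 0]) + PAD + bytes([6, 0]) + bytes(6) + TCP)
```

`walk_chain(KNOWN)` reaches TCP at offset 48, while `walk_chain(UNKNOWN)` stops at offset 40 even though header 253 is laid out exactly like an extension header, because nothing in the packet distinguishes it from an unfamiliar upper-layer protocol.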