
Re: WGLC: draft-ietf-v6ops-cpe-simple-security-10.txt



Hi James,

After a review of what RFC 4890 says, the new section 3.2.1 on ICMPv6 needs, in my understanding, to be modified.

CURRENT 3.2.1 TEXT: "Recommendations for filtering ICMPv6 messages in firewall devices are described separately in [RFC4890] and apply generally to residential gateways as to any class of router.  No additional recommendations are made here, but it's important to note that Destination Unreachable and Packet Too Big errors corresponding to filtering states for all upper-layer transport protocols are important to the proper function of the Internet."

PROBLEM: 
RFC 4890 recommends that NO Destination Unreachable and NO Packet Too Big error messages be dropped (sec 4.3.1).
If the intent is that incoming DU or PTB messages that don't match any filtering state should be dropped, this should then be expressed as an *additional* recommendation. 
(If the intent is different, I have difficulty understanding it.)


PROPOSAL: "Recommendations for filtering ICMPv6 messages in firewall devices are described separately in [RFC4890] and apply to residential gateways, with the additional recommendation that incoming Destination Unreachable and Packet Too Big error messages that don't match any filtering state should be dropped."

Accordingly, REC-12 would become:
" REC-12: IPv6 gateways SHOULD NOT forward ICMP Destination Unreachable and Packet Too Big messages containing IP headers that don't match generic upper-layer transport state 3-tuples."
(Note, besides, that since it deals with ICMP, this REC would be better placed in 3.2.1 than in 3.2.2.)

As the point raised is more than editorial, I look forward to your view on it.

Best regards,
RD



[RD1] This sentence suggests that forwarding PTB messages corresponding to filtering states could be beyond what is imposed by RFC4890, i.e.

could be added

On 11 Apr 2010, at 21:59, Fred Baker wrote:

As agreed at the last IETF meeting, I am opening a two week WGLC of draft-ietf-v6ops-cpe-simple-security-10.txt. Please read the document, comment to this list on matters of substance, and send nits (spelling/grammar, word choice, sentence structure comments) to the authors.
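The behaviour RD proposes above (forward an inbound Destination Unreachable or Packet Too Big error only when the invoking IPv6 header it carries matches an existing generic-transport state 3-tuple of interior address, exterior address and upper-layer protocol) can be prototyped in a few dozen lines. The following is an added example written for this page; it is not code from the draft, from RD, or from any gateway implementation. The interior prefix, the addresses, the use of protocol 47 as the "generic" upper-layer transport, the 120-second idle timeout and the packet bytes are all constructed for the example, and the check that the error is addressed to the host that sent the invoking packet is an extra sanity check, not something the draft text calls for.

```python
"""Toy stateful ICMPv6 error filter for a residential IPv6 gateway (added example).

Inbound Destination Unreachable / Packet Too Big errors are forwarded only when
the invoking packet's header matches a state 3-tuple created by outbound traffic.
All addresses, timeouts and packets below are constructed for the example.
"""
import ipaddress
import struct
import time

IPPROTO_ICMPV6 = 58
ICMPV6_DEST_UNREACH = 1
ICMPV6_PACKET_TOO_BIG = 2
IPV6_HDR_LEN = 40
IPV6_MIN_MTU = 1280

# Assumption: the gateway's interior (LAN) prefix.
INTERIOR_PREFIX = ipaddress.IPv6Network("2001:db8:1::/64")


def parse_ipv6(buf):
    """Return (src, dst, next_header, payload) from a raw IPv6 packet, no extension headers."""
    if len(buf) < IPV6_HDR_LEN:
        raise ValueError("short IPv6 header")
    vtf, _plen, nh, _hlim = struct.unpack("!IHBB", buf[:8])
    if vtf >> 28 != 6:
        raise ValueError("not IPv6")
    return (ipaddress.IPv6Address(buf[8:24]), ipaddress.IPv6Address(buf[24:40]), nh, buf[IPV6_HDR_LEN:])


def build_ipv6(src, dst, nh, payload, hlim=64):
    """Serialise a minimal IPv6 packet (version 6, no traffic class / flow label)."""
    hdr = struct.pack("!IHBB", 6 << 28, len(payload), nh, hlim)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload


def build_icmpv6_error(icmp_type, code, invoking_packet, mtu=0):
    """ICMPv6 error body: type, code, checksum (left zero here), 4-byte unused/MTU field,
    then as much of the invoking packet as fits in the minimum IPv6 MTU (RFC 4443)."""
    return struct.pack("!BBHI", icmp_type, code, 0, mtu) + invoking_packet[: IPV6_MIN_MTU - IPV6_HDR_LEN - 8]


class GatewayFilter:
    """State table keyed by (interior address, exterior address, upper-layer protocol)."""

    def __init__(self, idle_timeout=120.0):
        self.state = {}  # 3-tuple -> last time a packet of the flow was seen
        self.idle_timeout = idle_timeout

    def _matches(self, interior, exterior, proto, now):
        last = self.state.get((interior, exterior, proto))
        if last is None:
            return False
        if now - last > self.idle_timeout:  # stale entry: expire it
            del self.state[(interior, exterior, proto)]
            return False
        return True

    def outbound(self, pkt, now=None):
        """Interior -> exterior: create or refresh state, then forward."""
        now = time.monotonic() if now is None else now
        src, dst, nh, _ = parse_ipv6(pkt)
        if src not in INTERIOR_PREFIX:
            return "drop"  # not from our LAN: no state for it
        self.state[(src, dst, nh)] = now
        return "forward"

    def inbound(self, pkt, now=None):
        """Exterior -> interior: ordinary packets and ICMPv6 errors both need matching state."""
        now = time.monotonic() if now is None else now
        src, dst, nh, payload = parse_ipv6(pkt)
        if nh == IPPROTO_ICMPV6 and len(payload) >= 8 and payload[0] in (ICMPV6_DEST_UNREACH, ICMPV6_PACKET_TOO_BIG):
            return self._inbound_icmp_error(dst, payload, now)
        # Other traffic (including other ICMPv6 types, whose RFC 4890 rules are out of scope here)
        if self._matches(dst, src, nh, now):
            self.state[(dst, src, nh)] = now
            return "forward"
        return "drop"

    def _inbound_icmp_error(self, outer_dst, icmp, now):
        try:
            in_src, in_dst, in_nh, _ = parse_ipv6(icmp[8:])  # the invoking packet we sent out
        except ValueError:
            return "drop"  # truncated invoking header: nothing to match against
        if in_src != outer_dst:  # extra check: error must go to the invoking packet's sender
            return "drop"
        return "forward" if self._matches(in_src, in_dst, in_nh, now) else "drop"


def demo():
    """Run four constructed cases and return the filter's decision for each."""
    gw = GatewayFilter(idle_timeout=120.0)
    host, peer, other_peer, router = "2001:db8:1::10", "2001:db8:ffff::1", "2001:db8:ffff::2", "2001:db8:2::1"
    proto = 47  # constructed 'generic' upper-layer transport (not TCP/UDP)
    flow = build_ipv6(host, peer, proto, b"\x00" * 64)
    gw.outbound(flow, now=100.0)
    ptb_known = build_ipv6(router, host, IPPROTO_ICMPV6, build_icmpv6_error(ICMPV6_PACKET_TOO_BIG, 0, flow, mtu=1280))
    unknown_flow = build_ipv6(host, other_peer, proto, b"\x00" * 64)  # never sent by the host
    ptb_unknown = build_ipv6(router, host, IPPROTO_ICMPV6, build_icmpv6_error(ICMPV6_PACKET_TOO_BIG, 0, unknown_flow, mtu=1280))
    ptb_misaddressed = build_ipv6(router, "2001:db8:1::11", IPPROTO_ICMPV6, build_icmpv6_error(ICMPV6_PACKET_TOO_BIG, 0, flow, mtu=1280))
    du_known = build_ipv6(router, host, IPPROTO_ICMPV6, build_icmpv6_error(ICMPV6_DEST_UNREACH, 0, flow))
    return {
        "ptb_for_existing_flow": gw.inbound(ptb_known, now=101.0),
        "ptb_for_unknown_flow": gw.inbound(ptb_unknown, now=101.0),
        "ptb_wrong_destination": gw.inbound(ptb_misaddressed, now=101.0),
        "du_after_state_expired": gw.inbound(du_known, now=400.0),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {decision}")
```

The point the example makes concrete is the one RD raises: RFC 4890 on its own would pass every inbound Destination Unreachable and Packet Too Big error, so the "match existing state" behaviour is an additional filter applied on the invoking packet's header, and it also means a PTB for a flow whose state has already idled out is dropped, which is why the state lifetime matters for PMTU discovery.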