On Feb 9, 2015, at 7:27 PM, Fernando Gont <[email protected]> wrote:
> If there's a transport protocol that
> happens to look like RFC6564, and it is followed by data that looks like
> DHCPv6/UDP, your code will fail.

You mean if there is an unknown transport protocol header that looks like RFC 6564, and it is followed by a next header type of UDP, and that UDP packet happens to be a well-formed DHCP packet, and happens to match the criteria of DHCPv6-guard, then the switch will drop it? Yes, this is true. However, in your proposal, the switch will also drop it, so we haven't lost anything. Moreover, this is easy to fix: update the switch to support the new protocol header. (Yes, I realize that my definition of easy is a bit optimistic, but under the circumstances I think that's okay.)

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
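The case discussed in this message, as an added example that is not part of the original email or of any draft's code: a filter that parses every unrecognised Next Header value as an RFC 6564-format extension header will drop a packet whose unknown transport header happens to have that shape and is followed by DHCPv6-looking UDP. The function names, the verdict strings, the simplified match criteria (UDP 547 to 546 with a server message type) and all sample bytes are assumptions constructed for illustration.

```python
import struct

UDP = 17
OTHER_UPPER = {6, 58, 59}      # TCP, ICMPv6, No Next Header: not DHCPv6
NOT_6564_LAYOUT = {44, 50, 51} # Fragment, ESP, AH: out of scope for this sketch
SERVER_MSGS = {2, 7, 10}       # DHCPv6 Advertise, Reply, Reconfigure

def guard_verdict(first_nh, payload, max_headers=16):
    """Walk the chain after the fixed IPv6 header; any Next Header value not
    listed above is parsed as an RFC 6564-format extension header."""
    nh, off = first_nh, 0
    for _ in range(max_headers):
        if nh == UDP:
            if len(payload) < off + 9:
                return "undetermined"
            sport, dport = struct.unpack_from("!HH", payload, off)
            is_server_msg = payload[off + 8] in SERVER_MSGS
            # Assumed guard criteria: server-to-client DHCPv6 on a client port.
            return "drop" if (sport, dport) == (547, 546) and is_server_msg else "pass"
        if nh in OTHER_UPPER:
            return "pass"
        if nh in NOT_6564_LAYOUT or len(payload) < off + 2:
            return "undetermined"
        # RFC 6564 layout: Next Header, Hdr Ext Len (8-octet units past the first 8).
        hdr_len = (payload[off + 1] + 1) * 8
        if off + hdr_len > len(payload):
            return "undetermined"
        nh, off = payload[off], off + hdr_len
    return "undetermined"

def udp_dhcpv6(sport, dport, msg_type):
    """Constructed sample: UDP header (checksum left 0) + minimal DHCPv6 message."""
    body = bytes([msg_type]) + b"\x00\x00\x01"   # msg-type + transaction-id
    return struct.pack("!HHHH", sport, dport, 8 + len(body), 0) + body

# Constructed: unknown protocol 253 whose first 8 octets happen to read as
# "Next Header = 17, Hdr Ext Len = 0", followed by bytes shaped like an Advertise.
LOOKALIKE = bytes([17, 0]) + b"\xaa" * 6 + udp_dhcpv6(547, 546, 2)
# Constructed: Destination Options header (one PadN option) before a real Reply.
DEST_OPTS = bytes([17, 0, 1, 4, 0, 0, 0, 0]) + udp_dhcpv6(547, 546, 7)

if __name__ == "__main__":
    print(guard_verdict(253, LOOKALIKE))                # drop
    print(guard_verdict(60, DEST_OPTS))                 # drop
    print(guard_verdict(17, udp_dhcpv6(546, 547, 1)))   # pass
```

The "undetermined" verdict leaves the pass-or-drop policy for unparseable chains to the caller, since that policy is the subject of the thread rather than something this sketch decides.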
