cpw%sneezy@LANL.GOV (C. Philip Wood) (06/08/89)
Folks,
The Extended Security Option (Type=133) looks like a good thing. We
have gone ahead and put in the hooks required to utilize it. However,
there are some IP routers that get bent out of shape when it arrives on
their doorstep. In our case, Cisco routers send back an ICMP parameter
problem at Pointer=0. Other IP routers, based on 4.3BSD route the
packets without a problem (Sun, 4.3BSD VAX, Bridge-GS7). I gather that
there is code in the IP routers that specifically checks for types 130
and 133 and rejects them, because they do not complain about an option
such as the following:
8f088001 00000000
which is a bit pattern that satisfies the criteria for an IP option that
is copied to all fragments and of variable length ( 8 octets ). This is
the extremely little know option 15.
I have a few questions for those in the know:
1. Will the IAB include this as a recommended feature in the Official
Protocol Standards?
2. Is there a problem with passing an IP option which is formatted correctly
even though it is not specifically mentioned in RFC791?
3. It appears that most vendor's (Cisco, BBN, Proteon, ...) ICMP
handlers are failing to calculate the correct pointer for problem
packets in the Parameter Problem Message. According to RFC792, the
gateway or host processing the IP header that finds a problem with
some field should return a pointer (displacement) to that field
(such as pointer==1, if there is something wrong with the TOS field).
Or, is it the case that the 'problem' is truly with the Version/IHL
field?
Anyone planing on fixing this problem?
Cornett (cpw@lanl.gov)
P.S. I am now using my first name, since there are so many
Internetists named Phil[l]. (Or, is that Internetites?)