cpw%sneezy@LANL.GOV (C. Philip Wood) (06/08/89)
Folks,

The Extended Security Option (Type=133) looks like a good thing. We have gone ahead and put in the hooks required to utilize it. However, there are some IP routers that get bent out of shape when it arrives on their doorstep. In our case, Cisco routers send back an ICMP parameter problem at Pointer=0. Other IP routers, based on 4.3BSD, route the packets without a problem (Sun, 4.3BSD VAX, Bridge-GS7).

I gather that there is code in the IP routers that specifically checks for types 130 and 133 and rejects them, because they do not complain about an option such as the following:

    8f088001 00000000

which is a bit pattern that satisfies the criteria for an IP option that is copied to all fragments and of variable length (8 octets). This is the extremely little-known option 15.

I have a few questions for those in the know:

1. Will the IAB include this as a recommended feature in the Official Protocol Standards?

2. Is there a problem with passing an IP option which is formatted correctly even though it is not specifically mentioned in RFC791?

3. It appears that most vendors' (Cisco, BBN, Proteon, ...) ICMP handlers are failing to calculate the correct pointer for problem packets in the Parameter Problem Message. According to RFC792, the gateway or host processing the IP header that finds a problem with some field should return a pointer (displacement) to that field (such as pointer==1, if there is something wrong with the TOS field). Or, is it the case that the 'problem' is truly with the Version/IHL field? Anyone planning on fixing this problem?

Cornett (cpw@lanl.gov)

P.S. I am now using my first name, since there are so many Internetists named Phil[l]. (Or, is that Internetites?)
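
The option-type layout and the RFC792 pointer displacement discussed in the post, as an added example that is not part of the original message: it walks an IPv4 options area, decodes each type octet into copied flag, class and number, and records the displacement a Parameter Problem message would carry for that option. All names are hypothetical, the malformed type-133 sample is constructed, and reporting the length octet for a bad length is a choice of this example.

```python
from typing import List, NamedTuple

IP_FIXED_HEADER_LEN = 20  # octets preceding the options area (RFC 791)

class IPOption(NamedTuple):
    pointer: int    # displacement from start of the IP header (RFC 792 Pointer)
    type: int
    copied: bool
    opt_class: int
    number: int
    data: bytes

class OptionError(ValueError):
    def __init__(self, message: str, pointer: int):
        super().__init__(f"{message} (pointer={pointer})")
        self.pointer = pointer

def decode_type(t: int):
    """Split an option-type octet into (copied flag, class, number)."""
    return bool(t & 0x80), (t >> 5) & 0x03, t & 0x1F

def parse_options(area: bytes) -> List[IPOption]:
    opts, i = [], 0
    while i < len(area):
        t, ptr = area[i], IP_FIXED_HEADER_LEN + i
        if t in (0, 1):  # End of Option List / No Operation: single octet
            opts.append(IPOption(ptr, t, *decode_type(t), b""))
            if t == 0:
                break
            i += 1
            continue
        if i + 1 >= len(area):
            raise OptionError("option has no length octet", ptr)
        length = area[i + 1]
        if length < 2 or i + length > len(area):
            # Assumption of this example: report the length octet itself.
            raise OptionError("bad option length", ptr + 1)
        opts.append(IPOption(ptr, t, *decode_type(t), area[i + 2:i + length]))
        i += length
    return opts

# The octets quoted in the post, then a constructed malformed type-133 option
# whose length octet (0x10) runs past the end of a 4-octet options area.
POST_OPTION = bytes.fromhex("8f088001 00000000")
BAD_133 = bytes.fromhex("85100000")

if __name__ == "__main__":
    print(parse_options(POST_OPTION))
```
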