I'm writing a very simple net filter, and getting to where I want to parse IPv6 headers to match things like ICMPv6 types, TCP/UDP port numbers, etc.
So I'm reading about the IPv6 packet format in depth, and I'm kind of like... well... I sort of had to read it over and over again to make sure I was actually reading it right. It looks to me that you have to start with the 40-byte fixed header and look at its next header field. Then you have to look at the next header's next header field, and so on, like a linked list, until you reach the end. If there's payload, it will follow.
The problem is that there is no length field either in the fixed header or the extension headers. You have to have a table of extension header types and their sizes so that you can chase this linked list to the end.
This strikes me as a strange, possibly even hare-brained design. What if I encounter an unrecognized extension header type? What do I do? I don't know its length. I guess I have to throw the packet out and block it, since in a net filter allowing the packet through would allow an attacker to evade the net filter by including a bogus header type. But that means that if the protocol is ever extended, every single piece of IPv6 header parsing software ever written must be simultaneously updated if the new extension is to be used.
So how can I parse IPv6 headers if I don't know the extensions they're using? How can I skip a header for an unknown extension, since I don't know its length?
IPv6 extension headers contain supplementary information used by network devices (such as routers, switches, and endpoint hosts) to decide how to direct or process an IPv6 packet. The length of each extension header is an integer multiple of 8 octets. This allows subsequent extension headers to use 8-octet structures.
An IPv6 address is 4 times larger than IPv4, but surprisingly, the header of an IPv6 address is only 2 times larger than that of IPv4. IPv6 headers have one Fixed Header and zero or more Optional (Extension) Headers. All the necessary information that is essential for a router is kept in the Fixed Header.
The header structure of an IPv6 packet is specified in RFC 2460. The header has a fixed length of 40 bytes. The two fields for source and destination addresses each use 16 bytes (128 bits), so there are only 8 bytes for general header information.
What if I encounter an unrecognized extension header type?
From RFC 2460:
If, as a result of processing a header, a node is required to proceed to the next header but the Next Header value in the current header is unrecognized by the node, it should discard the packet and send an ICMP Parameter Problem message to the source of the packet, with an ICMP Code value of 1 ("unrecognized Next Header type encountered") and the ICMP Pointer field containing the offset of the unrecognized value within the original packet. The same action should be taken if a node encounters a Next Header value of zero in any header other than an IPv6 header.
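Added example (not from the original post or from the RFC text): a bounds-checked walk of the Next Header chain as a filter might do it in C, dropping the packet on any header type it cannot measure. It relies on the length rules of the RFC 2460 era headers (Hdr Ext Len in 8-octet units for Hop-by-Hop, Routing and Destination Options, a fixed 8-byte Fragment header, AH Payload Len in 4-octet units). The names `ipv6_walk` and `sample_packet`, the `WALK_*` codes, the 16-header cap and the sample packet are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
enum { WALK_OK = 0, WALK_TRUNCATED = -1, WALK_UNKNOWN = -2, WALK_FRAGMENT = -3 };
/* Walk the Next Header chain. On WALK_OK, *proto is the upper-layer protocol
 * and *off its byte offset in pkt; every other result is a drop verdict. */
int ipv6_walk(const uint8_t *pkt, size_t len, uint8_t *proto, size_t *off)
{
    if (len < 40 || (pkt[0] >> 4) != 6) return WALK_TRUNCATED;
    uint8_t nh = pkt[6];   /* Next Header field of the fixed header */
    size_t pos = 40;       /* the fixed header is always 40 bytes */
    for (int n = 0; n < 16; n++) {            /* assumed cap on chain length */
        size_t hlen;
        if (nh == 0 && pos != 40) return WALK_UNKNOWN; /* 0 only after fixed header */
        switch (nh) {
        case 6: case 17: case 58:             /* TCP, UDP, ICMPv6: chain ends */
            *proto = nh; *off = pos;
            return WALK_OK;
        case 0: case 43: case 60:             /* Hop-by-Hop, Routing, Dest. Options */
            if (len - pos < 2) return WALK_TRUNCATED;
            hlen = ((size_t)pkt[pos + 1] + 1) * 8; /* Hdr Ext Len: 8-octet units */
            break;
        case 44:                              /* Fragment: fixed 8 bytes */
            if (len - pos < 8) return WALK_TRUNCATED;
            if (((pkt[pos + 2] << 8) | pkt[pos + 3]) & 0xfff8)
                return WALK_FRAGMENT;         /* non-first fragment: no L4 header */
            hlen = 8; break;
        case 51:                              /* AH: Payload Len is 4-octet units - 2 */
            if (len - pos < 2) return WALK_TRUNCATED;
            hlen = ((size_t)pkt[pos + 1] + 2) * 4;
            break;
        default:                              /* length unknown: cannot skip, so drop */
            return WALK_UNKNOWN;
        }
        if (len - pos < hlen) return WALK_TRUNCATED;
        nh = pkt[pos];     /* first byte of each of these headers is Next Header */
        pos += hlen;
    }
    return WALK_UNKNOWN;
}

/* Constructed sample: fixed header, Hop-by-Hop (8 B), Dest. Options (16 B), last_nh. */
size_t sample_packet(uint8_t buf[72], uint8_t last_nh)
{
    memset(buf, 0, 72);
    buf[0] = 0x60; buf[5] = 32; buf[6] = 0;   /* version 6, payload length 32 */
    buf[40] = 60; buf[48] = last_nh; buf[49] = 1; /* HBH -> Dest. Options -> last_nh */
    return 72;
}
```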