Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06

On 2018-12-05 17:32, Joe Touch wrote:
> 
> 
> On Dec 4, 2018, at 8:11 PM, Christopher Morrow <morrowc.lists@xxxxxxxxx> wrote:
> 
>>     That works only for HBH options of type 00. Others require particular actions when not supported.
>>
>>
>> can you expand on this some?
> 
> Nobody deprecated the flags that require HBH options to be processed or dropped if not supported. 

Intentionally. If a forwarding node is transparent to HbH options,
it is not looking at those flags. If it is looking at HbH options,
it will obey those flags. Why is that a problem?

    Brian

> 
> And if there is a security risk to the control plane, it is using that place for slow path processing without properly limiting its use of shared resources. 
> 
> This idea that packets processed as intended are a security risk is like saying big packets are a security risk to small packets. It may be a bad design but it doesn’t mean such packets are inherently a security risk. 
> 
> Joe
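
The flags discussed in this thread are the two high-order bits of the option type (RFC 8200, section 4.2). As an added illustration that is not part of either poster's message, this Python example walks a Hop-by-Hop Options header and reports the action those bits require from a node that parses an option it does not recognize. The function names and the sample header bytes are constructed for the example.

```python
# Added example: action bits of Hop-by-Hop option types (RFC 8200, section 4.2).
ACTIONS = {
    0b00: "skip option, continue processing the header",
    0b01: "discard packet",
    0b10: "discard packet, send ICMP Parameter Problem code 2",
    0b11: "discard packet, send ICMP Parameter Problem code 2 "
          "unless destination is multicast",
}

def action_if_unrecognized(opt_type: int) -> str:
    """Action required of a node that parses but does not recognize the option."""
    return ACTIONS[opt_type >> 6]

def parse_hbh_options(hdr: bytes):
    """Return [(type, act_bits, may_change_en_route, data)], padding omitted.

    hdr begins at the Next Header octet of the Hop-by-Hop Options header.
    """
    if len(hdr) < 8:
        raise ValueError("HBH header shorter than 8 octets")
    total = (hdr[1] + 1) * 8      # Hdr Ext Len excludes the first 8 octets
    if len(hdr) < total:
        raise ValueError("truncated HBH header")
    opts, i = [], 2
    while i < total:
        opt_type = hdr[i]
        if opt_type == 0:         # Pad1 is a single octet with no length field
            i += 1
            continue
        if i + 2 > total:
            raise ValueError("option length field runs past header")
        opt_len = hdr[i + 1]
        if i + 2 + opt_len > total:
            raise ValueError("option data runs past header")
        if opt_type != 1:         # PadN carries no information
            data = hdr[i + 2:i + 2 + opt_len]
            opts.append((opt_type, opt_type >> 6, bool(opt_type & 0x20), data))
        i += 2 + opt_len
    return opts

# Constructed sample: Next Header = 6, Hdr Ext Len = 1 (16 octets in total).
SAMPLE = bytes([
    6, 1,
    0x05, 2, 0, 0,          # Router Alert, act bits 00
    0xC2, 4, 0, 1, 0, 0,    # Jumbo Payload, act bits 11
    0x01, 2, 0, 0,          # PadN
])
```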




