Archived
TD0015: FPF_RUL_EXT.1.7 Clarification needed for IPv6 extension header numbers
Publication Date
2014.09.18
Protection Profiles
PP_ND_VPN_GW_EP_v1.1
Other References
PP_ND_VPN_GW_EP_V1.1, requirement FPF_RUL_EXT.1.7
Issue Description
FPF_RUL_EXT.1.7 Tests 4-6 refer to Table 9-1 (Defined Protocol-specific Values), which incorrectly identifies IPv6 Extension Header numbers as transport layer protocols. RFC 2460 lists the following IPv6 Extension Headers: Hop-by-Hop options (0), Destination options (60), Routing (43), Fragment (44), AH (51), and ESP (50)). Resolution
The IPv6 extension header numbers do not need to be tested. The VPN_GW EP will be updated to remove them from the list of IPv6 protocols in Table 9-1. Justification
TD0007 removed the IPv6 extension header numbers from Table 4-2 in the FW EP for the tests in FFW_RUL_EXT.1.10 for the same reason. |