Wireshark-users: Re: [Wireshark-users] ipv6 unknown extension header

From: Sake Blok <sake@xxxxxxxxxx>
Date: Fri, 7 Nov 2008 08:31:56 +0100

On Thu, Nov 06, 2008 at 10:32:40PM -0500, Martin d Anjou wrote:
>>> Is wireshark able to "jump" over the unknwon extension header (using  
>>> the Hdr Ext Len) and keep searching for next headers and eventually  
>>> find L4 protocols like TCP?
>>
>> No - is anything *else* able to do so?
>>
>> [explanation deleted]
>>
>> This doesn't seem to suggest that skipping over unknown headers is
>> necessarily the right thing to do.
>
> I agree with your conclusion. An "unknown" ipv6 extension header could be 
> a new layer 4 protocol, or a new ipv6 extension header whose second byte  
> is not the Hdr Ext Len, which makes "jumping over it" the wrong thing to  
> do.
>
> And like you, I don't see any "correct" thing to do with unknown ipv6  
> extension header, so it does not seem like Sake Blok's "fix" is the right 
> thing to do either:

ACK  I jumped in too quick (I had in my mind that unknown extension
headers should be skipped, but I mixed the extension headers up with 
the hop-by-hop/destination options, which sometimes can be skipped)

Any objections to reverting the patch?


>> I committed a patch in SVN 26722 that fixes this issue...
>
> Sorry Sake... Although I can probably use your commit to patch my local  
> copy for the time being, so thanks a lot for that!

You're welcome :-)


> Now, any advice for me? Write a dissector for my "unknown" extension  
> header therefore making it a known one? I am just trying to put out an  
> extension header whose length I can control easily, but the content does  
> not matter.

I'm not sure what you want to accomplish, but you might want to use
a standard Hop-by-Hop options header or a Distination Options header.
Within that extension header you can add options and direct whether
systems that don't know your option skip the option or discard the
packet altogether...

Cheers,
    Sake