yaog wrote:
> -----Original Message-----
> From: marcelo bagnulo braun [mailto:marcelo at it.uc3m.es]
> Sent: January 22, 2009 18:34
> To: Christian Vogt
> Cc: SAVI Mailing List; Guang Yao
> Subject: Re: Binding establishment based on data or control packets?
>
> Christian Vogt wrote:
>
>> Marcelo -
>>
>> In your email below, you identified several situations in which a SAVI
>> device may erroneously discard packets if binding establishment was
>> based on control packets only. This is correct if you assume that the
>> SAVI device does not react to data packets. OTOH, the SAVI device may
>> initiate the necessary control packet exchange upon receiving a data
>> packet. This is what I was assuming to be the case, and what you were
>> assuming not to be the case, I guess. Hence the misunderstanding. I
>> think we are on the same page.
>>
>> Having said this, I like the summary of possible solution approaches
>> that you have suggested earlier: When a SAVI device receives a data
>> packet for which source address it does not have a binding, does it...
>>
>> (1) discard the packet
>> (2) create a binding for the packet's source address directly
>> (3) initiate a control packet exchange (such as NUD) to verify the
>> packet's source address before creating a binding
>>
>> I agree with you that option (3) does not have a directly apparent
>> advantage. The only /potential/ advantage that I can think of is that
>> the control packet exchanges initiated in option (3) might be re-usable
>> as a protocol for inter-SAVI-device coordination. However, this
>> requires more analysis.
>>
>>
>
> right
> I have been thinking about this
> Triggering an NSOL upon the reception of a data packet for which there
> is no binding in the SAVI device could have two potential advantages:
> - first, that can be used to synchronize multiple SAVI devices. this is
> indeed a benefit
> - second that could allow a victim to know if an attacker is trying to
> set up a savi state for the victim's address. Now this seems like an
> advantage, but after some thought, I don't think it is.
>
> Let's suppose that the savi device sends a RSOL packet upon the
> reception of a data packet with an unknown source address.
> Suppose the SAVI device receives two replies. What can the SAVI device
> do with this?
>
> ~Comment Start~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~Guang:
> And another comment:
> If you mean two nodes can get the same address both legally, this just
> means the nodes and SAVI devices are not well synched.
> ~ Comment End~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> I don't understand what you mean here
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.