This post introduces several IPv6 extension header types and the reference documents they come from.
I. Fields in the IPv6 header
- version (4 bits): the protocol version number
- traffic class (1 byte): distinguishes the priorities and data classes of IPv6 packets
- flow label (20 bits): marks a sequence of packets that require the same handling, which lets routers work more efficiently
- payload length (2 bytes): the length of the data carried after the IPv6 header. Because this field is only two bytes, a packet's payload is at most 64KB.
- next header (1 byte): holds the protocol number or value of the following extension header
- hop limit (1 byte): the hop count limit, decremented by one at each router traversed
- source address (16 bytes): source address
- destination address (16 bytes): destination address
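The field layout above, packed and unpacked with Python's struct module, as an added example that is not code from the original post. The documentation-prefix addresses and the sample values are constructed for this example; the packing shows how version, traffic class and flow label share the first 32-bit word, why the payload length stops at 65535, and the consistency check a receiver should apply before trusting the Payload Length field.

```python
import struct
import ipaddress

# Sample addresses for this example (constructed, from the 2001:db8::/32 documentation prefix)
SAMPLE_SRC = "2001:db8::1"
SAMPLE_DST = "2001:db8::2"

IPV6_HEADER_LEN = 40
# first 32-bit word, payload length, next header, hop limit, source, destination
IPV6_HEADER_FMT = "!IHBB16s16s"


def pack_ipv6_header(payload_length, next_header, hop_limit, src, dst,
                     traffic_class=0, flow_label=0):
    """Build the 40-byte fixed IPv6 header from its fields (RFC 8200 section 3)."""
    if not 0 <= payload_length <= 0xFFFF:
        raise ValueError("payload length is a 16-bit field: at most 65535 bytes")
    if not 0 <= flow_label <= 0xFFFFF:
        raise ValueError("flow label is a 20-bit field")
    if not 0 <= traffic_class <= 0xFF:
        raise ValueError("traffic class is an 8-bit field")
    # version (4 bits) | traffic class (8 bits) | flow label (20 bits) share the first word
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    return struct.pack(IPV6_HEADER_FMT, first_word, payload_length, next_header,
                       hop_limit, ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed)


def unpack_ipv6_header(data):
    """Parse the fixed header; reject anything that is not a complete IPv6 header."""
    if len(data) < IPV6_HEADER_LEN:
        raise ValueError("truncated IPv6 header")
    first_word, payload_length, next_header, hop_limit, src, dst = \
        struct.unpack(IPV6_HEADER_FMT, data[:IPV6_HEADER_LEN])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"version field is {version}, not 6")
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(src)),
        "dst": str(ipaddress.IPv6Address(dst)),
    }


def payload_length_consistent(packet):
    """True when the Payload Length field matches the bytes actually present after the
    header. A parser that trusts the field without this check can be driven to read past
    its buffer or to silently ignore trailing bytes."""
    fields = unpack_ipv6_header(packet)
    return len(packet) - IPV6_HEADER_LEN == fields["payload_length"]


def build_packet(payload, next_header=59, hop_limit=64, **kwargs):
    """Prepend a fixed header to payload; 59 is the 'No Next Header' value."""
    header = pack_ipv6_header(len(payload), next_header, hop_limit,
                              SAMPLE_SRC, SAMPLE_DST, **kwargs)
    return header + payload
```

Calling build_packet(b"\x00" * 8, traffic_class=0x20, flow_label=0x12345) yields a 48-byte packet whose header unpacks back to the same field values; appending a stray byte makes payload_length_consistent return False.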
II. Extension headers
- Hop-by-Hop Options header
- Routing header
- Fragment header
- Destination Options header
- Authentication header
- Encrypted Security Payload header
The first four extension headers are defined in RFC 8200; the last two are defined in the AH protocol [RFC4302] and the ESP protocol [RFC4303] respectively.
Note that the number of times an extension header may occur is limited (although this does not seem to matter in practice):
Each extension header should occur at most once, except for the Destination Options header, which should occur at most twice (once before a Routing header and once before the upper-layer header).
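A walker that follows the Next Header chain and checks the occurrence rule just quoted, as an added example that is not code from the original post. The Next Header values (0, 43, 44, 50, 51, 60) are the IANA assignments for these six headers; the length rules for the Fragment header (fixed 8 octets), AH (Payload Len in 32-bit words minus 2) and the other headers (Hdr Ext Len in 8-octet units not counting the first) follow RFC 8200 and RFC 4302; the sample headers built by minimal_ext_header are constructed for the test.

```python
# IANA Next Header values of the six extension headers listed above
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 43, 44, 50, 51, 60
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS}
NAMES = {HOP_BY_HOP: "Hop-by-Hop Options", ROUTING: "Routing", FRAGMENT: "Fragment",
         ESP: "ESP", AH: "AH", DEST_OPTS: "Destination Options"}


def ext_header_length(next_header, hdr):
    """Byte length of the extension header whose first two octets are in hdr."""
    if next_header == FRAGMENT:
        return 8                       # fixed layout, no length field
    if next_header == AH:
        return (hdr[1] + 2) * 4        # AH Payload Len: 32-bit words minus 2 (RFC 4302)
    return (hdr[1] + 1) * 8            # Hdr Ext Len: 8-octet units, not counting the first


def walk_chain(first_next_header, payload):
    """Follow Next Header values from the IPv6 header through the extension headers.
    Returns (header types in order, upper-layer protocol number, offset of the
    upper-layer header). Everything after ESP is encrypted, so the walk stops there
    and reports protocol None."""
    chain, nh, off = [], first_next_header, 0
    while nh in EXT_HEADERS:
        if off + 2 > len(payload):
            raise ValueError("truncated extension header chain")
        chain.append(nh)
        if nh == ESP:
            return chain, None, off
        hlen = ext_header_length(nh, payload[off:off + 2])
        if off + hlen > len(payload):
            raise ValueError(f"{NAMES[nh]} header overruns the packet")
        nh, off = payload[off], off + hlen
    return chain, nh, off


def check_chain(chain):
    """Apply the occurrence rule quoted above plus the RFC 8200 requirement that a
    Hop-by-Hop Options header immediately follow the IPv6 header. Returns a list of
    problems; an empty list means the chain is well formed."""
    problems = []
    if HOP_BY_HOP in chain and chain[0] != HOP_BY_HOP:
        problems.append("Hop-by-Hop Options header does not immediately follow the IPv6 header")
    for h in sorted(set(chain)):
        limit = 2 if h == DEST_OPTS else 1
        if chain.count(h) > limit:
            problems.append(f"{NAMES[h]} header occurs {chain.count(h)} times (limit {limit})")
    if chain.count(DEST_OPTS) == 2:
        d1 = chain.index(DEST_OPTS)
        d2 = chain.index(DEST_OPTS, d1 + 1)
        if ROUTING not in chain or not (d1 < chain.index(ROUTING) < d2):
            problems.append("two Destination Options headers without a Routing header between them")
    return problems


def minimal_ext_header(next_header):
    """Constructed 8-octet Hop-by-Hop / Routing / Destination Options-shaped header:
    Hdr Ext Len 0, Options area filled with one PadN of four zero octets."""
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0])
```

A chain Hop-by-Hop, Destination Options, Routing, Destination Options, TCP passes check_chain; two Hop-by-Hop headers, a Hop-by-Hop header that is not first, or two Destination Options headers with no Routing header between them each produce one problem. A receiver that stops at the first problem rather than continuing to parse avoids spending work on malformed chains.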
1. Hop-by-Hop Options
(1) Header description
The Hop-by-Hop Options header is used to carry optional information that may be examined and processed by every node along a packet’s delivery path.
So, when every node needs to inspect and process the data, the Hop-by-Hop extension header can be used.
(2) Field explanation
Explanation of the Options field:
Option Type is the first byte of the Options field. The top two bits of this value mean:
- 00: skip this option and continue processing
- 01: discard the packet
- 10: discard the packet and send an ICMP message to the packet's source address indicating the unrecognized option type
- 11: discard the packet and, only if the destination is not a multicast address, send an ICMP message to the packet's source address
The third bit of the value specifies whether the option data can change in transit (1) or cannot (0).
Explanation from the RFC:
The third-highest-order bit of the Option Type specifies whether or not the Option Data of that option can change en-route to the packet's final destination. When an Authentication header is present in the packet, for any option whose data may change en-route, its entire Option Data field must be treated as zero-valued octets when computing or verifying the packet's authenticating value.
If you need to design a new option, you may have to look up the relevant definitions in Appendix A.
Appendix A contains formatting guidelines for designing new options.
(3) Usable fields
In this field, following the explanation of the Option Type field in RFC 8200 section 4.2, the type can be set to 0x1, i.e. PadN; the field is defined as follows:
Its explanation is as follows:
The PadN option is used to insert two or more octets of padding into the Options area of a header. For N octets of padding, the Opt Data Len field contains the value N-2, and the Option Data consists of N-2 zero-valued octets.
For now the thinking is that the AID can be inserted into the Option Data.
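An encoder and parser for the Hop-by-Hop Options area, as an added example that is not code from the original post. It covers the three points made in this section: the action bits and change bit of the Option Type, PadN with its N-2 zero octets, and the rule from RFC 8200 section 4.2 that an Authentication header treats the Option Data of mutable options as zero octets when computing the ICV. The two "unknown" option types used in the sample, 0x3E and 0x9E, are taken from the Option Type values RFC 4727 reserves for experimentation (their top bits give skip/mutable and discard-with-ICMP/immutable); the option contents are constructed for the test.

```python
# Option Type action bits (the two highest-order bits), RFC 8200 section 4.2
ACTIONS = {
    0b00: "skip",
    0b01: "discard",
    0b10: "discard, send ICMP Parameter Problem",
    0b11: "discard, send ICMP Parameter Problem unless destination is multicast",
}
CHANGE_EN_ROUTE = 0x20        # third-highest bit: Option Data may change in transit

PAD1, PADN = 0x00, 0x01      # the two padding options every node recognises
KNOWN_OPTIONS = {PAD1, PADN}

# Sample option types for the constructed scenario. Both are RFC 4727 experimental
# values: 0x3E = 00 1 11110 (skip, mutable), 0x9E = 10 0 11110 (discard + ICMP, immutable).
EXP_SKIP_MUTABLE = 0x3E
EXP_DISCARD_ICMP = 0x9E


def build_hop_by_hop(next_header, options):
    """Encode a Hop-by-Hop Options header. options is a list of (type, data) pairs;
    Pad1 is written as (PAD1, b""). The result is padded to a multiple of 8 octets."""
    body = bytearray()
    for opt_type, data in options:
        if opt_type == PAD1:
            body.append(PAD1)
        else:
            if len(data) > 255:
                raise ValueError("Opt Data Len is a single byte")
            body += bytes([opt_type, len(data)]) + data
    pad = (-(2 + len(body))) % 8
    if pad == 1:
        body.append(PAD1)
    elif pad >= 2:
        body += bytes([PADN, pad - 2]) + bytes(pad - 2)   # N-2 zero octets, per RFC 8200
    ext_len = (2 + len(body)) // 8 - 1                    # Hdr Ext Len excludes the first 8 octets
    return bytes([next_header, ext_len]) + bytes(body)


def parse_hop_by_hop(ext):
    """Walk the Options area. Returns (next_header, list of option dicts). Raises
    ValueError on a truncated header or an option whose length runs past the header."""
    if len(ext) < 2:
        raise ValueError("truncated Hop-by-Hop header")
    next_header, total = ext[0], (ext[1] + 1) * 8
    if len(ext) < total:
        raise ValueError("Hdr Ext Len claims more bytes than are present")
    options, i = [], 2
    while i < total:
        opt_type = ext[i]
        if opt_type == PAD1:
            options.append({"type": PAD1, "action": 0, "mutable": False, "data": b""})
            i += 1
            continue
        if i + 2 > total:
            raise ValueError("option header cut off at end of Options area")
        length = ext[i + 1]
        if i + 2 + length > total:
            raise ValueError("option data overruns the Hop-by-Hop header")
        options.append({
            "type": opt_type,
            "action": opt_type >> 6,
            "mutable": bool(opt_type & CHANGE_EN_ROUTE),
            "data": bytes(ext[i + 2:i + 2 + length]),
        })
        i += 2 + length
    return next_header, options


def receiver_verdict(options, dst_is_multicast=False):
    """What a node does at the first option type it does not recognise (here anything
    other than Pad1/PadN), following the action bits."""
    for opt in options:
        if opt["type"] in KNOWN_OPTIONS:
            continue
        action = opt["action"]
        if action == 0b00:
            continue
        if action == 0b11 and dst_is_multicast:
            return "discard"
        return ACTIONS[action]
    return "accept"


def ah_icv_view(ext):
    """The header as AH sees it when computing or verifying the ICV: the Option Data of
    every option whose change bit is set is replaced by zero octets."""
    total = (ext[1] + 1) * 8
    view, i = bytearray(ext[:total]), 2
    while i < total:
        if view[i] == PAD1:
            i += 1
            continue
        length = view[i + 1]
        if view[i] & CHANGE_EN_ROUTE:
            view[i + 2:i + 2 + length] = bytes(length)
        i += 2 + length
    return bytes(view)
```

Note the consequence for the idea of carrying data inside PadN: a conforming receiver skips PadN without looking at its contents, and because PadN's change bit is clear, an Authentication header covers those bytes, so any node that rewrites them in transit breaks the ICV. A mutable option such as 0x3E is excluded from the ICV instead, which is exactly why its data cannot be relied on at the destination.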
2. Routing
(1) Header description
The Routing header is used by an IPv6 source to list one or more intermediate nodes to be "visited" on the way to a packet’s destination. This function is very similar to IPv4’s Loose Source and Record Route option.
The Routing header is mainly used to record intermediate nodes.
(2) Field explanation
3. Fragment
(1) Header description
The Fragment header is used by an IPv6 source to send a packet larger than would fit in the path MTU to its destination. (Note: unlike IPv4, fragmentation in IPv6 is performed only by source nodes, not by routers along a packet’s delivery path -- see Section 5.)
(2) Field explanation
4. Destination Options
(1) Header description
There are two kinds of Destination Options extension header: one carries options to be processed by the first destination that appears in the Destination Address field of the IPv6 header and by the subsequent destinations listed in the Routing header; the other carries options to be processed only by the packet's final destination.
(2) Field explanation
(3) Usable fields
Like the Hop-by-Hop Options header, the Destination Options header also contains an Options field, with the same definition as the former (which can of course be modified if needed).
5. Authentication (RFC4302)
(1) Header description
The IP Authentication Header (AH) provides connectionless integrity and data origin authentication for IP datagrams (hereafter simply "integrity") and protection against replays. Its purpose is to guarantee the integrity of IP datagrams.
The IP Authentication Header (AH) is used to provide connectionless integrity and data origin authentication for IP datagrams (hereafter referred to as just "integrity") and to provide protection against replays. This latter, optional service may be selected, by the receiver, when a Security Association (SA) is established. (The protocol default requires the sender to increment the sequence number used for anti-replay, but the service is effective only if the receiver checks the sequence number.) However, to make use of the Extended Sequence Number feature in an interoperable fashion, AH does impose a requirement on SA management protocols to be able to negotiate this new feature (see Section 2.5.1 below).
(2) Field explanation
6. Encrypted Security Payload (RFC4303)
(1) Header description
The Authentication Header (AH) ensures data integrity, while the Encapsulating Security Payload (ESP) header ensures both data confidentiality and data integrity.
ESP can be used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and (limited) traffic flow confidentiality. The set of services provided depends on options selected at the time of Security Association (SA) establishment and on the location of the implementation in a network topology.
(2) Field explanation
III. Summary
Since RFC 8200 section 4.8 states:
Note: New extension headers that require hop-by-hop behavior must not be defined because, as specified in Section 4 of this document, the only extension header that has hop-by-hop behavior is the Hop-by-Hop Options header.
From this we know that the Hop-by-Hop extension header is the one that every node along the route must inspect.
However, the Destination Options extension header can in fact also be made to be processed by intermediate nodes, but this requires adding a Routing header. When a Routing header is present, the Destination Address of the IPv6 header becomes the address of the packet's next hop, so that node can process the options as well. Routes can be added to the Routing header so that the Destination Options header is processed only at specific addresses.
V. Custom headers
While looking for usable extension headers, I came across RFC 4727.
RFC 4727 is titled "Experimental Values in IPv4, IPv6, ICMPv4, ICMPv6, UDP, and TCP Headers". This RFC defines the process for allocating and managing experimental values in the various fields of the IPv4, IPv6, ICMPv4, ICMPv6, UDP and TCP headers.
RFC 4727 describes the need for experimental values in these headers, which lets researchers and developers test new protocols and features without changing existing standards. Experimental values can be used to test new features or to supplement existing standards with additional functionality.
RFC 4727 gives guidelines for allocating experimental values in the various header fields and describes the format and syntax of those values. It also describes the process for registering experimental values and for updating or deprecating existing ones.
Overall, RFC 4727 is an important resource for researchers and developers who need to use experimental values in their work, since it provides a standardized process for managing these values across the various IP and transport protocols.