Field
Embodiments of the present invention generally relate to computer security and computer network security. In particular, embodiments of the present invention relate to enhancement of traversing devices to allow more control over IPv6 extension headers.
Description of the Related Art
FIG. 1 conceptually illustrates the format of an Internet Protocol (IP) version 6 (IPv6) packet 100. As described in “Internet Protocol, Version 6 (IPv6) Specification,” Request for Comments 2460, December 1998 (RFC 2460), which is hereby incorporated by reference in its entirety for all purposes, an IPv6 packet 100 includes (i) a header comprising two general portions—a 40 byte fixed portion 110, including various fields; and a variable extension header portion 120 and (ii) a data or payload portion 130.
As a result of the variable nature of extension header portion 120, which may carry zero, one or more extension headers, each identified by the next header field of the preceding header, various security concerns are raised; however, RFC 2460 indicates the extension headers are not to be examined or processed by nodes other than those identified by the destination address field.