摘要
“路径MTU探测”是IPv6的一个非常重要的特征。IPv6分组不能被中介路由器分割。源主机必须知道通往目标主机通路上的最小MTU。为此源主机必须使用MTU探测,也就是用ICMPv6的“包太大”报文来发现MTU。如果防火墙挡住ICMPv6包的话,将导致MTU探测无法正确执行。这需要防火墙可以识别出与连接有关的ICMPv6信息。该文提出了一种方法可以解决这个问题,并对相关的安全问题进行了探讨。
Path MTU discovery is a very important characteristic of IP version 6.The IPv6 packages can't be splited by the routes in the path, so the source host must know the minimum MTU. Path MTU discovery is used by the source host to know the minimum MTU of a path, which means packet too big messages is used. If firewall block packet too big messages, path MTU discovery couldn't work. So firewall should distinguish the information of ICMPv6 message associated with a path. The paper puts forward a method to resolve the issue, and discusses the security problem about it.
出处
《计算机工程》
EI
CAS
CSCD
北大核心
2005年第15期216-218,共3页
Computer Engineering
基金
广东省教育厅基金资助项目"网络信息安全系统"
