A lot of confusion on the ipv6 layer3 headers and the differences when compared to the classic ipv4.
The 1st thing one quickly notice, all IPv6 L3 headers are always 40bytes big. This helps with L3 inspection and any routing decision, and now we only need to see the 1st 40bytes, to know the destination. Or inspect the 1st 40bytes, before we do anything else with the packet.
Next, ipv6 length means something different than what we expect in ipv4 L3 header. It means payload as in the actual payload length, nothing more or less
Also we have next-header field, which indicates the next-header and is NOT a protocol field as what one security members tried to school me on, who had no experience with ipv6. It was classical at best , when they trying to explain it :)
And finally we have this new field that we might have a lot of questions about ; "flow labels".
This 20bit label along with the tos ( qos ) helps to determine what level if any QoS to apply or how do we treat these packets that make up that flow & sequence.
Flow label are reality new, and still being hashed out on how to deploy and it's practical use. I know linux supports the injection of flow label information, but to be fair I don't think any downstream l3-ipv6 router would know what to do with them or even act on them ( cisco,brocade,juniper,etc...). In practicality, we have these fields mapped out with zeros as shown above in the bold.
Flow labels as I posted before, open up a router flow to be hack and labels manipulated in transit. Since encapsulation will not protect that field, I don't know how one can trust the labels as being authentication or authority of the labels from src to final destination.
The future will determine how we manipulate flow-label information
between the application layer and l3-layer of a ipv6 and if
routers/firewalls of the inet6 address-family will act on them.
more talks on ipv6 this week
"happy packet hacking and forgery"
Freelance Network/Security Engineer
kfelix at hyperfeed dot com