Re: [babel] Alvaro Retana's Discuss on draft-ietf-babel-rfc6126bis-12: (with DISCUSS and COMMENT)
Juliusz Chroboczek <jch@irif.fr> Thu, 08 August 2019 22:12 UTC
Return-Path: <jch@irif.fr>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFA43120048; Thu, 8 Aug 2019 15:12:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ebHH47Fq9rPD; Thu, 8 Aug 2019 15:12:26 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E56BF12002F; Thu, 8 Aug 2019 15:12:25 -0700 (PDT)
Received: from potemkin.univ-paris7.fr (potemkin.univ-paris7.fr [IPv6:2001:660:3301:8000::1:1]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id x78MCKXZ024145 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 9 Aug 2019 00:12:20 +0200
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by potemkin.univ-paris7.fr (8.14.4/8.14.4/relay2/82085) with ESMTP id x78MCLuZ014441; Fri, 9 Aug 2019 00:12:21 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id C009D3080A; Fri, 9 Aug 2019 00:12:23 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id OuD2f2rLMcJd; Fri, 9 Aug 2019 00:12:21 +0200 (CEST)
Received: from pirx.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id 1F7B230807; Fri, 9 Aug 2019 00:12:21 +0200 (CEST)
Date: Fri, 09 Aug 2019 00:12:21 +0200
Message-ID: <87tvarmhmi.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Alvaro Retana <aretana.ietf@gmail.com>
Cc: babel-chairs@ietf.org, babel@ietf.org, Donald Eastlake <d3e3e3@gmail.com>, The IESG <iesg@ietf.org>, draft-ietf-babel-rfc6126bis@ietf.org
In-Reply-To: <CAMMESszr+AC3-dhxKS0YhWJwADHVLSeQnUbYQ6Bz_QVN4yB-Qw@mail.gmail.com>
References: <156518456148.8400.6644665367614468260.idtracker@ietfa.amsl.com> <87y303x17h.wl-jch@irif.fr> <CAMMESszr+AC3-dhxKS0YhWJwADHVLSeQnUbYQ6Bz_QVN4yB-Qw@mail.gmail.com>
User-Agent: Wanderlust/2.15.9
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]); Fri, 09 Aug 2019 00:12:20 +0200 (CEST)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (potemkin.univ-paris7.fr [194.254.61.141]); Fri, 09 Aug 2019 00:12:21 +0200 (CEST)
X-Miltered: at korolev with ID 5D4C9E44.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-Miltered: at potemkin with ID 5D4C9E45.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 5D4C9E44.000 from potemkin.univ-paris7.fr/potemkin.univ-paris7.fr/null/potemkin.univ-paris7.fr/<jch@irif.fr>
X-j-chkmail-Enveloppe: 5D4C9E45.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 5D4C9E44.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Score: MSGID : 5D4C9E45.000 on potemkin.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/wZ05srXeqGTEdP2VPWPdiBGcguo>
Subject: Re: [babel] Alvaro Retana's Discuss on draft-ietf-babel-rfc6126bis-12: (with DISCUSS and COMMENT)
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Aug 2019 22:12:28 -0000
>> - §3.8.1.2: "A node MUST NOT increase its sequence number by more than 1 in >> response to a seqno request." > Ahh…I see. The increase MUST NOT be more than 1 per request. That part was > not clear to me. Ah, I think I see the problem: "in response" is ambiguous. I'll change it to "in reaction". >> - §4: "A Babel packet MUST be sent as the body of a UDP datagram, with >> network-layer hop count set to 1..." > This is a requirement for the sender. No receiver side check is required > or even possible. > Well, if the received TTL > 1 then the receiver knows something is wrong. Sure, but there's not much that this check buys you. > Please take a look at rfc5082 and consider using that mechanism instead. That's what ND does, right? It was considered (in the dark times before Babel was at IETF), and rejected. We behave like RIPng and OSPFv3: we use link-local addresses with a TTL of 1, and require checking that the source address of a received packet is link-local. At any rate, changing it at this stage would break compatibility with the installed base, which would be the death of Babel. >> - §4.6.10: "...if AE is 0 (in which case Plen MUST be 0 and Prefix is of >> length 0)." > No clarification is necessary here, just like no clarification is > necessary that for an IPv4 address, plen <= 32. > What do you mean by “no clarification is necessary”? I'll add a mention, but I believe it is redundant. No explicit mention that IPv4 routes with a prefix length of 57 are malformed and must be ignored. That's because IPv4 routes have a maximum prefix length of 32. Analoguously, AE 0 has a maximum prefix length of 0, and it si redundant to mention explicitly that AE 0 routes must not have a plen of 57. > I understand why the values are 0. What I’m asking for is what should the > receiver do if AE = 0 and Plen = n (any number other than 0)? It's a malformed prefix. You ignore the TLV, just like you would ignore a TLV that announces 1.2.3.4/57. >> - §4.6.10/§4.6.11: Is AE 3 a valid value in a request? I assume it isn't. >> What should a receiver do if AE = 3. > This case is allowed -- there's nothing in the protocol that disallows > announcing routes within fe80::/64. Of course, it would be silly to do so. > Silly doesn’t mean that someone won’t try it…and may end up filling up someone > else’s table with garbage. I think this is a vulnerability. Sure. I agree with you that a robust implementation of Babel should filter out fe80::/64, ff00::/8, as well as 0/8, 127.0.0.1/32 and 224.0.0/24. I just don't agree this filter needs to be hardwired in the protocol specification, it's an implementation detail and should be configurable. A case in point: babeld used to filter out Class-E addresses, and then this happened: https://alioth-lists.debian.net/pipermail/babel-users/2018-December/003492.html > As a point of reference, OSPFv3 doesn’t allow the advertisement of link-local > addresses as destinations. OSPFv3, like all link-state protocols, requires uniform filtering rules within an area, so it makes sense to standardise a default set of filtering rules. Babel, like any distance-vector protocol, has no such limitation (nodes with different filtering rules will interoperate just fine), so it's much more reasonable to leave filtering to the implementation. -- Juliusz
- [babel] Alvaro Retana's Discuss on draft-ietf-bab… Alvaro Retana via Datatracker
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Alvaro Retana
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Alvaro Retana
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Alvaro Retana
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Alvaro Retana
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Alvaro Retana
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Vigoureux, Martin (Nokia - FR/Paris-Saclay)
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Donald Eastlake