Re: [BEHAVE] NAT64: clarification on RST handling in V6 FIN RCV state
marcelo bagnulo braun <marcelo@it.uc3m.es> Thu, 08 March 2012 06:27 UTC
Return-Path: <marcelo@it.uc3m.es>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98D9221F8554 for <behave@ietfa.amsl.com>; Wed, 7 Mar 2012 22:27:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WfANvoo42KYd for <behave@ietfa.amsl.com>; Wed, 7 Mar 2012 22:27:11 -0800 (PST)
Received: from smtp01.uc3m.es (smtp01.uc3m.es [163.117.176.131]) by ietfa.amsl.com (Postfix) with ESMTP id 12F1121F8691 for <behave@ietf.org>; Wed, 7 Mar 2012 22:27:10 -0800 (PST)
X-uc3m-safe: yes
Received: from marcelo-bagnulos-macbook-pro.local (wlap005.it.uc3m.es [163.117.139.108]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp01.uc3m.es (Postfix) with ESMTP id 188E6C27EE9; Thu, 8 Mar 2012 07:27:08 +0100 (CET)
Message-ID: <4F58513B.3010508@it.uc3m.es>
Date: Thu, 08 Mar 2012 07:27:07 +0100
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
MIME-Version: 1.0
To: Dmitry Anipko <Dmitry.Anipko@microsoft.com>
References: <03FE6A726D13284495EF1787D25F1DF91F84F766@TK5EX14MBXC238.redmond.corp.microsoft.com>
In-Reply-To: <03FE6A726D13284495EF1787D25F1DF91F84F766@TK5EX14MBXC238.redmond.corp.microsoft.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
X-TM-AS-Product-Ver: IMSS-7.0.0.3116-6.8.0.1017-18760.003
Cc: Murari Sridharan <muraris@microsoft.com>, "behave@ietf.org" <behave@ietf.org>
Subject: Re: [BEHAVE] NAT64: clarification on RST handling in V6 FIN RCV state
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Mar 2012 06:27:12 -0000
Hi Dimitry, We had a long discussion about how to handle RST packets and the possibility of using an RST packet in a mailicious way was a concern, also considering that the nat64 is unable to determine how the host would handle the RST packet. Because of this, we decided to go the conservative way and don't change the nat64 state upon the reception of a RST packet. We also had a long discussion that there may be some more fine grained ways to deal with this depending whether it comes from the internal side or the external side. The particular case you discuss i don't think we explicilty discussed it, but i guess it falls in the aforementioned case of higher granularity and my take is the same as above. It could be a reaosnable optimization, but it woudl increase the complexity of the implementation. I hope this makes sense. Regards, marcelo El 08/03/12 01:06, Dmitry Anipko escribió: > > I’ve not seen any responses, comments would be appreciated. > > *From:*Dmitry Anipko > *Sent:* Thursday, February 23, 2012 4:21 PM > *To:* behave@ietf.org > *Subject:* NAT64: clarification on RST handling in V6 FIN RCV state > > Hello, > > RFC 6146, section 3.5.2.2, says that in V6 FIN RCV state **any** > packet other than V4 FIN must set the session lifetime to no less than > TCP_EST=2hours. > > If the V4 target sent RST in response to the translated V6 FIN, what > is the reason to keep the NAT mapping alive for TCP_EST instead of > TCP_TRANS? > > Should the language “if a V4 FIN packet is received,… lifetime is set > to TCP_TRANS” be changed to “if a V4 FIN or V4 RST packet is > received,… lifetime is set to TCP_TRANS”? > > -Dmitry > > > > _______________________________________________ > Behave mailing list > Behave@ietf.org > https://www.ietf.org/mailman/listinfo/behave
- [BEHAVE] NAT64: clarification on RST handling in … Dmitry Anipko
- Re: [BEHAVE] NAT64: clarification on RST handling… Dmitry Anipko
- Re: [BEHAVE] NAT64: clarification on RST handling… marcelo bagnulo braun
- Re: [BEHAVE] NAT64: clarification on RST handling… marcelo bagnulo braun
- Re: [BEHAVE] NAT64: clarification on RST handling… Murari Sridharan
- Re: [BEHAVE] NAT64: clarification on RST handling… Murari Sridharan
- Re: [BEHAVE] NAT64: clarification on RST handling… Fred Baker
- Re: [BEHAVE] NAT64: clarification on RST handling… Wesley Eddy
- Re: [BEHAVE] NAT64: clarification on RST handling… Fred Baker
- Re: [BEHAVE] NAT64: clarification on RST handling… Wesley Eddy
- Re: [BEHAVE] NAT64: clarification on RST handling… Fred Baker