Re: [dhcwg] recommendation on DHCP6 source port numbers
Bernie Volz <bevolz@gmail.com> Thu, 29 February 2024 15:45 UTC
Cc: Lorenzo Colitti <lorenzo@google.com>, Tomoyuki Sahara <tsahara@iij.ad.jp>, dhcwg <dhcwg@ietf.org>
To: Ole Troan <otroan@employees.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/9CKlb97SStyHTgeE_QHHCJEunz4>

DHCPv6 has been successfully deployed and this is the first I recall of this kind of discussion/issue. You would likely also invalidate a lot of implementations with such a change, which is not really in line with advancing this to Full Standard.

- Bernie (from iPad)

> On Feb 29, 2024, at 10:33 AM, Ole Troan <otroan@employees.org> wrote:
>
>> Server reply is sent to destination port 546. How would that confuse any other host?
>
> I don’t think that’s obvious in RFC8415.
> If a client sends from a random port number, it would typically listen on that port, and the server could very well send to that port.
> That’s the ambiguity.
> In my view the specification should be clarified, and I think I prefer to state that only ports 546 and 547 are used. Both for source and destination port. That makes it easier to filter and is also consistent with how you expect UDP to look like on the wire.
>
>> And, IPv6 doesn’t have broadcast. Server always sends to client’s link-local address (or whatever source address it used).
>
> Yes, the use of link-local in the reply removes that.
> (IPv6 multicast is in most cases indistinguishable from broadcast :-))
>
> Cheers,
> Ole
>
>>
>> - Bernie (from iPad)
>>
>>>> On Feb 29, 2024, at 10:22 AM, Ole Troan <otroan@employees.org> wrote:
>>>
>>> Bernie,
>>>
>>> Why isn’t this text relevant also for DHCPv6:
>>>
>>>> We could not simply allow the client to pick a 'random' port
>>>> number for the UDP source port field; since the server reply may be
>>>> broadcast, a randomly chosen port number could confuse other hosts
>>>> that happened to be listening on that port.
>>>
>>> Cheers,
>>> Ole
>>>
>>>> On 29 Feb 2024, at 15:56, Bernie Volz <bevolz@gmail.com> wrote:
>>>>
>>>> This text seems a bit off. If the server always sends to the client port, its source port doesn’t matter.
>>>>
>>>> I think this original text was because normal UDP communication could then happen and may have been because of limits in the APIs available at the time?
>>>>
>>>> This is unnecessary today.
>>>>
>>>> If you follow the rules, all is ok with whatever source ports are used:
>>>>
>>>> Clients listen for DHCP messages on UDP port 546. Servers and
>>>> relay agents listen for DHCP messages on UDP port 547.
>>>>
>>>> I don’t know if the word “listen” in this is what causes confusion? Maybe it should just be:
>>>>
>>>> Clients receive DHCP messages on UDP (destination) port 546. Servers and
>>>> relay agents receive DHCP messages on UDP (destination) port 547.
>>>>
>>>> But maybe even that is still confusing to some.
>>>>
>>>> - Bernie
>>>>
>>>>>> On Feb 29, 2024, at 9:16 AM, Ole Trøan <otroan@employees.org> wrote:
>>>>>
>>>>> Guess we haven’t departed too far from bootp.
>>>>> Which seems to make a case for the client using the reserved port number also as the source port.
>>>>>
>>>>> Rfc951:
>>>>> The UDP header contains source and destination port numbers. The
>>>>> BOOTP protocol uses two reserved port numbers, 'BOOTP client' (68)
>>>>> and 'BOOTP server' (67). The client sends requests using 'BOOTP
>>>>> server' as the destination port; this is usually a broadcast. The
>>>>> server sends replies using 'BOOTP client' as the destination port;
>>>>> depending on the kernel or driver facilities in the server, this may
>>>>> or may not be a broadcast (this is explained further in the section
>>>>> titled 'Chicken/Egg issues' below). The reason TWO reserved ports
>>>>> are used, is to avoid 'waking up' and scheduling the BOOTP server
>>>>> daemons, when a bootreply must be broadcast to a client. Since the
>>>>> server and other hosts won't be listening on the 'BOOTP client' port,
>>>>> any such incoming broadcasts will be filtered out at the kernel
>>>>> level. We could not simply allow the client to pick a 'random' port
>>>>> number for the UDP source port field; since the server reply may be
>>>>> broadcast, a randomly chosen port number could confuse other hosts
>>>>> that happened to be listening on that port.
>>>>>
>>>>> O.
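
Added example (not part of the original message, nor code from RFC 8415 or any DHCPv6 implementation): a Python sketch that runs the two stateless filter policies discussed in this thread over constructed UDP datagrams, one matching on destination port only and one also requiring source port 546 or 547. The function names, the sample datagrams and the subset of message types are assumptions made for illustration.

```python
import struct

CLIENT_PORT, SERVER_PORT = 546, 547   # ports named in the thread / RFC 8415
# Subset of DHCPv6 msg-type values, grouped by the side that receives them.
TO_CLIENT = {2: "ADVERTISE", 7: "REPLY", 10: "RECONFIGURE"}
TO_SERVER = {1: "SOLICIT", 3: "REQUEST", 5: "RENEW", 12: "RELAY-FORW"}

def udp(src, dst, msg_type):
    """Build a constructed datagram: 8-byte UDP header + 4-byte DHCPv6 header."""
    payload = bytes([msg_type]) + b"\x00\x00\x01"   # msg-type + transaction-id
    # Checksum is left as 0 because this sketch never validates it.
    return struct.pack("!HHHH", src, dst, 8 + len(payload), 0) + payload

def parse(datagram):
    """Return (source port, destination port, DHCPv6 msg-type)."""
    if len(datagram) < 9:
        raise ValueError("too short for a UDP header plus DHCPv6 msg-type")
    src, dst, length, _csum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        raise ValueError("UDP length field does not match datagram size")
    return src, dst, datagram[8]

def dest_only(datagram):
    """Match on destination port and message direction; ignore source port."""
    _src, dst, mtype = parse(datagram)
    return ((dst == CLIENT_PORT and mtype in TO_CLIENT) or
            (dst == SERVER_PORT and mtype in TO_SERVER))

def strict(datagram):
    """Additionally require the source port to be 546 or 547."""
    src, _dst, _mtype = parse(datagram)
    return dest_only(datagram) and src in (CLIENT_PORT, SERVER_PORT)

def compare(samples):
    """Map each sample name to (dest_only verdict, strict verdict)."""
    return {name: (dest_only(d), strict(d)) for name, d in samples.items()}

SAMPLES = {   # constructed datagrams, not captured traffic
    "solicit from 546":       udp(546, 547, 1),
    "solicit from ephemeral": udp(49152, 547, 1),
    "reply to 546":           udp(547, 546, 7),
    "reply to ephemeral":     udp(547, 49152, 7),
    "reply sent to 547":      udp(547, 547, 7),
}

if __name__ == "__main__":
    for name, (loose, tight) in compare(SAMPLES).items():
        print(f"{name:24} dest_only={loose!s:5} strict={tight}")
```

The two policies differ only on the Solicit sent from an ephemeral source port; a reply addressed to the client's ephemeral port fails both.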