[IPFIX] [Technical Errata Reported] RFC7011 (7413)
RFC Errata System <rfc-editor@rfc-editor.org> Sun, 02 April 2023 23:17 UTC
Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: ipfix@ietfa.amsl.com
Delivered-To: ipfix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A52ADC151554 for <ipfix@ietfa.amsl.com>; Sun, 2 Apr 2023 16:17:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.647
X-Spam-Level:
X-Spam-Status: No, score=-1.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_SUMOF=5, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EN-5wo6AshSm for <ipfix@ietfa.amsl.com>; Sun, 2 Apr 2023 16:17:42 -0700 (PDT)
Received: from rfcpa.amsl.com (rfc-editor.org [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22EB0C15154D for <ipfix@ietf.org>; Sun, 2 Apr 2023 16:17:42 -0700 (PDT)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id D199456691; Sun, 2 Apr 2023 16:17:41 -0700 (PDT)
To: bclaise@cisco.com, trammell@tik.ee.ethz.ch, paitken@cisco.com, warren@kumari.net, rwilton@cisco.com, n.brownlee@auckland.ac.nz, quittek@neclab.eu
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: mwd@cert.org, ipfix@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20230402231741.D199456691@rfcpa.amsl.com>
Date: Sun, 02 Apr 2023 16:17:41 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipfix/AkCZr1jObLt_x9cyQ73qXBlKC2w>
Subject: [IPFIX] [Technical Errata Reported] RFC7011 (7413)
X-BeenThere: ipfix@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IPFIX WG discussion list <ipfix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipfix>, <mailto:ipfix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipfix/>
List-Post: <mailto:ipfix@ietf.org>
List-Help: <mailto:ipfix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Apr 2023 23:17:46 -0000
The following errata report has been submitted for RFC7011, "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid7413 -------------------------------------- Type: Technical Reported by: Michael Duggan <mwd@cert.org> Section: 3.4.1 Original Text ------------- Field Count Number of fields in this Template Record. Corrected Text -------------- Field Count Number of fields in this Template Record. The Field Count MUST NOT be zero. The sum of the Field Lengths of the Field Specifiers of a Template Record MUST NOT be zero. Notes ----- If the size of data record corresponding to a template can ever be zero, then the only valid size for such a data set is the size of the set header. For normal cases any size greater than that of the set header is a valid size, since records are read from a set until the number of octets remaining is less than the smallest possible record size for that set. If a record size can be zero, then any number of bytes past the header cannot be padding (is not smaller than the smallest record), and a conforming implementation might return an infinite number of zero-sized records. As this could cause a denial of service situation, rejecting templates that define zero-sized records seems to be the simplest solution. Similar text may be necessary for Option Template records, though the fact that the scope count MUST be non-zero may negate the necessity. Other possible fixes: * Require all Field Specifiers to have a non-zero Field Length. This may be an even simpler solution, but I can envision uses for zero-sized data elements, especially for elements that MAY be of variable length. * Require a conforming implementation to reject or ignore data sets for zero-sized templates. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC7011 (draft-ietf-ipfix-protocol-rfc5101bis-10) -------------------------------------- Title : Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information Publication Date : September 2013 Author(s) : B. Claise, Ed., B. Trammell, Ed., P. Aitken Category : INTERNET STANDARD Source : IP Flow Information Export Area : Operations and Management Stream : IETF Verifying Party : IESG
- [IPFIX] [Technical Errata Reported] RFC7011 (7413) RFC Errata System
- Re: [IPFIX] [Technical Errata Reported] RFC7011 (… Brian Trammell (IETF)
- Re: [IPFIX] [Technical Errata Reported] RFC7011 (… Benoit Claise