Removal of destination options that precede a routing header

James Guichard <james.n.guichard@futurewei.com> Tue, 26 May 2020 13:41 UTC

From: James Guichard <james.n.guichard@futurewei.com>
To: 6man <6man@ietf.org>
Subject: Removal of destination options that precede a routing header
Date: Tue, 26 May 2020 13:41:18 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/p39wFPq3ecmaTxVtDOIJumAmvBY>

Dear 6man,

I am trying to determine how destination options that precede a routing header are supposed to be removed. RFC8200 is very unclear on this point although the text infers what will happen without saying so specifically (at least I don't see any text).

For destination options after a routing header the process seems clear if not actually stated. RFC8200 has this to say in section 4.1:

      note 3: for options to be processed only by the final destination
              of the packet.

Note 3 is for destination options after a routing header. As such the destination option is processed after the routing header and therefore the router is able to determine from the SRH that it is the final destination as segments left = 0. Presumably an implementation would at this point remove the routing header and the destination options and send the packet on its merry way.

For destination options preceding a routing header RFC8200 has this to say in section 4.1:

      note 1: for options to be processed by the first destination that
              appears in the IPv6 Destination Address field plus
              subsequent destinations listed in the Routing header.

I can infer from the above that the destination option gets processed by each node in the routing header because the DA of the IPv6 packet at each hop is taken from the routing header so the router processes the destination option because it is addressed to it. At some point the packet is addressed to the last node in the routing header; upon receipt of a packet at that node the destination option is processed and then the routing header - the routing header is presumably now removed as segments left = 0 *but* the destination option was already processed and so the packet is sent on its merry way but this time *with the destination option that precedes the routing header*. If this is the case, then you have just leaked information contained within the destination option outside of the limited domain e.g. this almost certainly happens at a PE router.

I would appreciate clarification on this.

Thanks!

Jim
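
The condition discussed in the message above, as an added example that is not part of the original message or of RFC 8200: this Python code walks an IPv6 extension-header chain and reports whether a Destination Options header precedes a Routing header whose Segments Left is 0, the state in which the "note 1" options would still be in the packet at the last listed node. The function names, the packet builder and the sample packets are constructed for this illustration; only Hop-by-Hop, Routing and Destination Options headers are walked.

```python
import struct

HOP_BY_HOP, ROUTING, DEST_OPTS, NO_NEXT = 0, 43, 60, 59

def walk_ext_headers(packet):
    """Return [(header_type, segments_left_or_None), ...] in chain order."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    chain, nxt, off = [], packet[6], 40
    while nxt in (HOP_BY_HOP, ROUTING, DEST_OPTS):
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        next_hdr, ext_len = packet[off], packet[off + 1]
        size = (ext_len + 1) * 8          # Hdr Ext Len excludes the first 8 octets
        if off + size > len(packet):
            raise ValueError("extension header overruns packet")
        # Segments Left is the fourth octet of every Routing header.
        chain.append((nxt, packet[off + 3] if nxt == ROUTING else None))
        nxt, off = next_hdr, off + size
    return chain

def pre_rh_dest_opts_at_last_segment(packet):
    """True if Destination Options precede a Routing header with Segments Left == 0."""
    chain = walk_ext_headers(packet)
    for i, (htype, _) in enumerate(chain):
        if htype == DEST_OPTS:
            for later, seg_left in chain[i + 1:]:
                if later == ROUTING:
                    return seg_left == 0
    return False                          # no "note 1" options in this packet

def build_packet(headers):
    """Constructed test input: headers = [(type, octets after the first two)]."""
    payload, nxt = b"", NO_NEXT
    for htype, rest in reversed(headers):
        payload = bytes([nxt, (len(rest) + 2) // 8 - 1]) + rest + payload
        nxt = htype
    addr = bytes.fromhex("20010db8") + bytes(12)   # 2001:db8:: documentation prefix
    return struct.pack("!IHBB", 6 << 28, len(payload), nxt, 64) + addr + addr + payload

PADN = bytes([1, 4, 0, 0, 0, 0])          # one PadN option filling the header
def srh(seg_left):                        # routing type 4, two constructed segments
    return bytes([4, seg_left, 1, 0, 0, 0]) + bytes(32)

# Constructed samples: in transit, at the last segment, and a "note 3" layout.
IN_TRANSIT = build_packet([(DEST_OPTS, PADN), (ROUTING, srh(1))])
LAST_SEGMENT = build_packet([(DEST_OPTS, PADN), (ROUTING, srh(0))])
NOTE3_ONLY = build_packet([(ROUTING, srh(0)), (DEST_OPTS, PADN)])
```
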