IETF Logo Mail Archive

Re: [IPv6] Removing extension headers from packets (revisited)

Mark Smith <markzzzsmith@gmail.com> Sat, 19 August 2023 00:35 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DB2EC151524 for <ipv6@ietfa.amsl.com>; Fri, 18 Aug 2023 17:35:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.603
X-Spam-Level:
X-Spam-Status: No, score=-1.603 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28fii0zLqk3h for <ipv6@ietfa.amsl.com>; Fri, 18 Aug 2023 17:35:43 -0700 (PDT)
Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAA0EC151080 for <6man@ietf.org>; Fri, 18 Aug 2023 17:35:43 -0700 (PDT)
Received: by mail-ed1-x52b.google.com with SMTP id 4fb4d7f45d1cf-5236b2b4cdbso1865552a12.3 for <6man@ietf.org>; Fri, 18 Aug 2023 17:35:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1692405342; x=1693010142; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=IM6UU5i042Lk0PYMUHVMRT0t/N1cqb11hoHqnZ6/Yps=; b=WQa1QU8fz7ezDNkeF/nDGU2VtDseezghIYSkeqi3Ke+0VxQUr1HY7LOQxOQ9UxAvhY T83gqs0l39H8D8aDoYiUlxsTOyf43glrSqns/FklvBwYdfs9zWdU+lqeB7jXdhIl+Q+v nKwl4TUtXRhtEbizTaWL2EhSWtVD7VIOxcRqRslH2Iy8bQYkhNFLA8/5yzXc316/fxA2 WMVlRtiv8fMtfZp3YIg8GA4qogoiAKtG6emYRzxv9uhrxWVxjBMj5yGVletwL7eo0+8k /qyCbg9/Z94bLO8Q01z1b3ya0rMObAZ1a8Ync43eWtDtLx6juytcGVqDV0Eu6UILb7vX Io4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692405342; x=1693010142; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IM6UU5i042Lk0PYMUHVMRT0t/N1cqb11hoHqnZ6/Yps=; b=WKeDwYLm8gDUDieZzhik5CIHyIatsx++/0w3hHp2vKavaFuXC54V57cG7wYWPj7jBz 2r6nyueYGok49M3IiiVsqKGJsde6SYBro2UB26lNhKKWVNR2g3uUhJLRAwkRcenp+KFN S28YSVu7zaTIu+EYRsyH7fxj/hIgSIiz9VPZr6MkR+T9J69iR+OnKahnq8XMlpKKjy8t O+Y9vAql09FclIhqc1n3BzBqPSJ/tEGxMDCNyWerZajd3QMF5WE8BLB7b9iieBxP4eXA NSsYSMUEyNxphK3z7QEFJ/fqjJpfh2p9/mG9sMos9ZrouTv3fD+QdwoDkbPKTVjCTUTF klKQ==
X-Gm-Message-State: AOJu0Yxsgq3qzVU7TfndtWHgR7nvtcx/ACr8SS/Nw0Vi3ZhhARTg/pNN PCEH8UFen7v901PSDrqo/xknhb4HAoJsmg1JHsFNuc03
X-Google-Smtp-Source: AGHT+IEK0FxA7Ks8FgmhdJUIQBxwv2I6u8ZOhf0pmUV6uliCb3g1hQIBbUTA0R1prbyd2T3UwhWzSRqYcR8czz7kO2I=
X-Received: by 2002:aa7:cf09:0:b0:523:a45f:419a with SMTP id a9-20020aa7cf09000000b00523a45f419amr479987edy.41.1692405341624; Fri, 18 Aug 2023 17:35:41 -0700 (PDT)
MIME-Version: 1.0
References: <CALx6S36gQBgNAp-Poq3pRupGWUh0iA8M546=S=vUp5cQK_82TQ@mail.gmail.com> <CAO42Z2zAf4EAKhX1ZJC1KUk4DXcNZykA82hdUfo64h45q8DVUQ@mail.gmail.com> <CALx6S36pk0+YjdjgNvWCsAjF5NVmQLnp8pKc30uOb1DZmcfasQ@mail.gmail.com> <CAO42Z2zmxiGANzdB6RdrfgGLfH_Q-D7-U_JGJ0V++3ms8nGxOg@mail.gmail.com> <CALx6S37BYjhShGhHbg8qK4Fxeubrep7BGzRBmrHD9DcBcToxPw@mail.gmail.com> <620318f4-d6ae-3c29-c5f1-93797363d47c@joelhalpern.com> <ZN79+XuBZnSSdL4y@faui48e.informatik.uni-erlangen.de> <95A2754C-B6D8-43DB-AE61-7B8C6EF6457E@employees.org> <ZN8ccT3ihsuQIPq+@faui48e.informatik.uni-erlangen.de> <B9795357-CD00-4FEC-B537-40CBD7C6B264@employees.org> <4890cd3e-9be6-ca0c-967d-57201d754ef0@joelhalpern.com> <8A2D1C35-47AF-481D-9346-FC675562A742@employees.org> <CALx6S366Rkps35=Ash-dPq_O2sKqfnhoq_G62Xuyt7qxBRdiNw@mail.gmail.com>
In-Reply-To: <CALx6S366Rkps35=Ash-dPq_O2sKqfnhoq_G62Xuyt7qxBRdiNw@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Sat, 19 Aug 2023 10:35:14 +1000
Message-ID: <CAO42Z2xJQFJy+EBb8kybhL82v8n02pOYViiSzo10oL7uZca=eQ@mail.gmail.com>
To: Tom Herbert <tom=40herbertland.com@dmarc.ietf.org>
Cc: Ole Troan <otroan=40employees.org@dmarc.ietf.org>, 6MAN <6man@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/DgeTRvxlu2zdNm-PAnxIKEGDm5A>
Subject: Re: [IPv6] Removing extension headers from packets (revisited)
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Aug 2023 00:35:47 -0000

On Sat, 19 Aug 2023, 03:50 Tom Herbert,
<tom=40herbertland.com@dmarc.ietf.org> wrote:
>
>
>
> On Fri, Aug 18, 2023, 9:19 AM Ole Troan <otroan=40employees.org@dmarc.ietf.org> wrote:
>>
>> > That code makes lots of assumptions.   First, it assumes a software router.  Second, it assumes there is exactly one EH to be removed, and it is in a position that is known a priori.  And many other bits and pieces.
>>
>> It would be hard to not understand that what I gave was purely a concept and not “code”.
>> The HBH header is always at a fixed position. And I think we are far enough down the path of allowing a HBH option to require for it to limit itself to a single option.
>>
>> The point though, stands, the claim that header removal cannot be allowed in standards because it is hard to do in hardware seems very weak.
>
>
> I'll post a draft shortly, but I think the requirements are something like:
>
> An HBH EH (that immediately follows IPv6 header) MAY be removed unless the packet contains an Auth EH



It's going to be quicker to generalise and say all IPv6 fields are
mutable, which implicitly means EHs can be inserted or removed
in-flight (i.e. mutable next-header field) and that field definitions
are only suggestions, unless the AH header is present..

c.f. SPRING CSID redefines the Destination Address (singular) field to
carry multiple destinations.

Also remove any of the IPv6 fields being included in the transport
layer checksums. Probably a layer violation in the first place anyway
and a carry over from when IP was part of the TCP protocol.

Finally, deprecate ICMPv6 unless the AH is protecting the packet for
which the ICMPv6 message is going to be generated. Although we don't
care much for operators here, receiving no ICMPv6 message would be
more useful than receiving a misleading inaccurate one when it isn't
possible to easily tell if the received ICMPv6 message is accurate.

The principle of least astonishment demands being frank about what
actually is and isn't allowed, rather than piecemeal modifications to
RFC 8200 hidden away in a variety of other RFCs.


>
> A routing header MAY be removed if:
>
> - The final destination has been set in the DA
> - And there are no extension headers that preceed the routing header (except if it is immediately preceeded by a HbH header that is also being removed)
> - And the packet does not contain an Auth EH
>
> Additionally, for segment routing header, maybe the SRH SHOULD NOT be removed if it contains options
>
> Tom
>
>>
>> O.
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email