Re: Robustness principle and multicast source address
Mark Smith <markzzzsmith@gmail.com> Tue, 20 November 2018 01:45 UTC
Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81734124C04 for <ipv6@ietfa.amsl.com>; Mon, 19 Nov 2018 17:45:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.498
X-Spam-Level:
X-Spam-Status: No, score=-1.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pURcTewLmOzl for <ipv6@ietfa.amsl.com>; Mon, 19 Nov 2018 17:45:38 -0800 (PST)
Received: from mail-ot1-x329.google.com (mail-ot1-x329.google.com [IPv6:2607:f8b0:4864:20::329]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC92D128C65 for <ipv6@ietf.org>; Mon, 19 Nov 2018 17:45:38 -0800 (PST)
Received: by mail-ot1-x329.google.com with SMTP id t5so291121otk.1 for <ipv6@ietf.org>; Mon, 19 Nov 2018 17:45:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NLZ5Atxd4SE8Pp5q3DIA+fN1MOLV+gV/fw2yzW//t5Y=; b=Ydw7vrMQUPFEA83ZFo2nzA513XjvJAgvjjvlTuY3AFFst/9/+xbFeH5z1/EZaeIlat gB60nrrbFJYHcGfKgTDsBZYYhwra4az84kwcn1bK1mK1/knnK1F9oWVP3kuQqCGH+9T5 Y10hHutnIToJ/imrM7cPwjM6W1+r69kdKJJ9rtNQhjEkCz4LCUhd9aq14fD6/w8KzvfT IQRkJWUyctCu4iYHpePRa7yAGrbPcD9IWAH+l+INj0EPso2uBIPo5HBRZldgAGHvc6bM GLwvverYXB/LsGCfzLXOYZ10hlCaZihSojxM8E7vJ8Qkv4g8CC5BkxeZfQx63hltGlZh fOZw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NLZ5Atxd4SE8Pp5q3DIA+fN1MOLV+gV/fw2yzW//t5Y=; b=VaTer8RvzDXKu5X0Mph7BhRk2mqsWk0B4w88zhQu9QIAIKB9oA29xrI30sIPX/mYV8 e/uSZM3rAqnlKkeijjKewco01jurDmuAbWxyYGACKAhKXHsSiho1y2YhKEmrdHSm8WyY +zfrORxkywsR1Lvk0jJt5ODJqIvupG3R/XJa4qk8gBnZoY6+05UFwuZzSRHue/y2rcSD mlCEJP9oF4CwVtCeLaKAd6zJVT5tTNqAmQ01zYwGvOnarfVN5DaqCbFvS7Cxg/IZs266 Y282SkfVMGXDwY4RNW2BJluw90sG/GoYj4AGUvjG2vh2kM9l4fQGUU5So1MtI6o43U+h vQBQ==
X-Gm-Message-State: AA+aEWYUVU8ME5DOTExsiYZyRGr2BK4DRkBRUZGg6urCLCfvq5AZ2b4b g1xu0kTjhCM60yiNlO8xBbBYx8laZRCfxEpqSTE=
X-Google-Smtp-Source: AFSGD/XZSDtqSSH+EmxX3+8mxuz6PHzoWhWCtgiIBL0NrsmudbUrIgfpLTDUcgKUxUvEmawB2qANrvjzTlcRot9zRNU=
X-Received: by 2002:a9d:7059:: with SMTP id x25mr50450otj.35.1542678337997; Mon, 19 Nov 2018 17:45:37 -0800 (PST)
MIME-Version: 1.0
References: <CAFU7BAQH-vYkpk0cuhdvTZFEQXKx4DnDzVObN7xY84CWBTQbPg@mail.gmail.com>
In-Reply-To: <CAFU7BAQH-vYkpk0cuhdvTZFEQXKx4DnDzVObN7xY84CWBTQbPg@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Tue, 20 Nov 2018 12:45:11 +1100
Message-ID: <CAO42Z2zapn43gnjD_SLFt+q7ZiqykFT9gEyhandSpCgo7-TN_w@mail.gmail.com>
Subject: Re: Robustness principle and multicast source address
To: Jen Linkova <furry13@gmail.com>
Cc: 6man WG <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/G5YC56h2No03gtuynQwyiMIetmA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Nov 2018 01:45:41 -0000
Hi Jen, On Thu, 15 Nov 2018 at 17:32, Jen Linkova <furry13@gmail.com> wrote: > > The section 2.7 of RFC4921 says: > > Multicast addresses must not be used as source addresses in IPv6 > packets or appear in any Routing header. > > (https://tools.ietf.org/html/rfc4291#section-2.7) > > Does it mean that any packets with multicast source MUST be dropped by > the receiver? Or shall Postel's Law still apply? > I'd be saying MUST, and silently. A multicast source address fundamentally doesn't really make sense. A multicast address represents a group of addresses, so a multicast address in a single packet's source address field suggests the single packet somehow has multiple sources, which suggests multiple devices built parts of the single packet. IPv6 doesn't support multi-source multi-part single packets! (Has any protocol?) Source addresses are also commonly used as destination addresses for responses, so a multicast source address where a unicast address should be can mean a link layer flooded multicast instead of unicast response. (For IPv4, RFC1122 specifies that received, link-layer broadcast IPv4 packets that do not have an IPv4 broadcast or multicast address should be silently ignored, mitigating this scenario.) With old enough Ethernet switch firmware that supports translational bridging, the I/G bit in the Ethernet source address field actually means there is a source route information field, following the destination address (https://www.cisco.com/c/en/us/support/docs/ibm-technologies/token-ring/24501-trb-rif.html). If there isn't, the switch might drop the packet, which some server colleagues of mine found out when they tried to use the Linux IPtables ClusterIP extension, as it tries to use "multicast" source Ethernet addresses. > In particular (practical question...): shall an NA packet from the > multicast source be dropped (if one applies the NA validation rules > from https://tools.ietf.org/html/rfc4861#section-7.1.2 such packet > would be still a valid advertisement...) > This draft did specify some more stringent NA source address validation, as well as other validation e.g. Source Link Layer Address option does not contain a multicast link layer address. "Security Assessment of Neighbor Discovery (ND) for IPv6" https://tools.ietf.org/html/draft-ietf-opsec-ipv6-nd-security-00 Regards, Mark. > -- > SY, Jen Linkova aka Furry > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > --------------------------------------------------------------------
- Robustness principle and multicast source address Jen Linkova
- Re: Robustness principle and multicast source add… Bless, Roland (TM)
- Re: Robustness principle and multicast source add… Yu Tianpeng
- Re: Robustness principle and multicast source add… Brian E Carpenter
- Re: Robustness principle and multicast source add… Carsten Bormann
- Re: Robustness principle and multicast source add… Jen Linkova
- Re: Robustness principle and multicast source add… Jen Linkova
- Re: Robustness principle and multicast source add… Mark Smith
- Re: Robustness principle and multicast source add… Christian Huitema
- Re: Robustness principle and multicast source add… Alexandre Petrescu
- Re: Robustness principle and multicast source add… Alexandre Petrescu
- Re: Robustness principle and multicast source add… Mark Smith
- Re: Robustness principle and multicast source add… Ola Thoresen
- Re: Robustness principle and multicast source add… Fernando Gont
- RE: Robustness principle and multicast source add… STARK, BARBARA H
- Re: Robustness principle and multicast source add… Alexandre Petrescu
- Re: Robustness principle and multicast source add… Mark Smith
- Re: Robustness principle and multicast source add… Mark Smith
- Re: Robustness principle and multicast source add… Mark Smith
- Re: Robustness principle and multicast source add… Ola Thoresen
- Re: Robustness principle and multicast source add… Mark Smith
- Re: Robustness principle and multicast source add… Alexandre Petrescu
- Re: Robustness principle and multicast source add… Christian Huitema
- Re: Robustness principle and multicast source add… Simon Hobson
- Re: Robustness principle and multicast source add… Mark Smith
- Re: Robustness principle and multicast source add… Mark Smith
- Re: Robustness principle and multicast source add… Jen Linkova
- Re: Robustness principle and multicast source add… Jen Linkova
- Re: Robustness principle and multicast source add… Ola Thoresen
- Re: Robustness principle and multicast source add… Brian Haberman
- Re: Robustness principle and multicast source add… Alexandre Petrescu
- Re: Robustness principle and multicast source add… Alexandre Petrescu
- Re: Robustness principle and multicast source add… Christian Huitema
- Re: Robustness principle and multicast source add… Dennis Ferguson
- Re: Robustness principle and multicast source add… Mark Smith
- Re: Robustness principle and multicast source add… Alexandre Petrescu
- Re: Robustness principle and multicast source add… Mark Smith
- Re: Robustness principle and multicast source add… Alexandre Petrescu
- Re: Robustness principle and multicast source add… Fred Baker
- Re: Robustness principle and multicast source add… Alexandre Petrescu
- Re: Robustness principle and multicast source add… Jen Linkova
- Re: Robustness principle and multicast source add… Jen Linkova
- Re: Robustness principle and multicast source add… Jen Linkova
- Re: Robustness principle and multicast source add… Alexandre Petrescu
- Re: Robustness principle and multicast source add… Alexandre Petrescu
- Re: Robustness principle and multicast source add… Mark Smith
- Re: Robustness principle and multicast source add… Jen Linkova
- Re: Robustness principle and multicast source add… Alexandre Petrescu
- Re: Robustness principle and multicast source add… Alexandre Petrescu
- Re: Robustness principle and multicast source add… 神明達哉