IETF Logo Mail Archive

Conflicting requirements for sending ICMPv6 and EH scan?

Tom Herbert <tom@herbertland.com> Fri, 24 May 2019 20:58 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A50E912007C for <ipv6@ietfa.amsl.com>; Fri, 24 May 2019 13:58:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5I2QUgm8so2k for <ipv6@ietfa.amsl.com>; Fri, 24 May 2019 13:58:20 -0700 (PDT)
Received: from mail-qk1-x72d.google.com (mail-qk1-x72d.google.com [IPv6:2607:f8b0:4864:20::72d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9CB812004D for <ipv6@ietf.org>; Fri, 24 May 2019 13:58:20 -0700 (PDT)
Received: by mail-qk1-x72d.google.com with SMTP id o2so9178991qkb.3 for <ipv6@ietf.org>; Fri, 24 May 2019 13:58:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=4So18PZenCj98o7oPaxnakCS/SaHLZ0VKBpVprrwNyo=; b=wY+9SGwaFcTu8ip7sBnN7dM0qm9SZ29SlOSsfU4KOTXLjggYghBTyak3DCJGVf/8qm WBPZzt6YpCuLT2I4Fqbspsvn/fMS7cowzlpbr3wvLU++rw8iJse/4754eevy4dmYhdzj EHQq+rrVpe0S0EeILkTpD5SGqTX7pvOEKWm/2/hgWXVgFKVK6EeHp7asrknri+0mRooD StuRHgsXqoRiexKd3Cljm2sgGcCy3m9XP16+WsgjOGHV/C7XVu0C6Da7jFr3CPVrH6fF mCFKoVVQFsgA8Dg7scZ9hE/PB7ntt+Ng4eoKOuTV4Akqx/OJjbzxRkq7n+LBos4/65jo qlAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=4So18PZenCj98o7oPaxnakCS/SaHLZ0VKBpVprrwNyo=; b=hBulQ53DHQkNSc+7kxsrjokCZHUnGrq8WYzFzN8ShlMTyk33m3y7RoUXz2ZRQF1rtS NL2O8EG5fyrDuMxkH2KK3dcW73uK0/+CnolMLeJJhnNSJ43FurXtGymP0vhp/I8o/fTi Vpdvs6NM5/vOwMpuhlb60EXA8lJNRjHQZpupQNeWux+JISMe8KZwWhYM6nft2z8JhK8H krYgwg+176Ocu0ZBTgvoAgKd7YxZLKU4D6VSTFxnLXo9WnOUa2YbMgFItl1KiSk70kKR H2ya1fTmENUlLsI3haTnAz5OdqmhCrDe1hwqRs1J5F0W7HlFnrtN5PnKkMnbijCOO+T9 7jyA==
X-Gm-Message-State: APjAAAVgZbGADEP1h8Y/jvpjixyDpWFk3R56xKRXtE71AxRCs/PkPFO1 PczZyV7po/xviuSwM17UHdGN5CpQCT4afoDdn62nUT8Ql2qCVA==
X-Google-Smtp-Source: APXvYqwsVLCb9rCq3WnLlAuBUpNYXqAIwSmZSkSWUb1ys68p+RsrPk+9Gwi65AVXRvCEguB51sibOZFmLYy6nlq7B2U=
X-Received: by 2002:aed:3ef6:: with SMTP id o51mr42537792qtf.392.1558731499396; Fri, 24 May 2019 13:58:19 -0700 (PDT)
MIME-Version: 1.0
From: Tom Herbert <tom@herbertland.com>
Date: Fri, 24 May 2019 13:58:08 -0700
Message-ID: <CALx6S37wNpe=XweKh=Y6ARZ1nfjvySmK=km6+_UTDVFPujp7bA@mail.gmail.com>
Subject: Conflicting requirements for sending ICMPv6 and EH scan?
To: 6man <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/WTLCBmEH5cO-p_JdN7cG_KQE2Gs>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 May 2019 20:58:23 -0000

Hello,

I am updating the references in Linux stack from RFC2460 to RFC8200. I
came across the ipv6_skip_exthdr function which contains a long, and
somewhat apologetic, comment that this function is purposely walking
over all the IPv6 extension headers for the purpose of locating the
transport layer protocol and hence violates RFC2460 (RFC8200):

"Therefore, extension headers must be processed strictly in the order
they appear in the packet; a receiver must not, for example, scan
through a packet looking for a particular kind of extension header and
process that header prior to processing all preceding ones."

The need for this function arises from the requirement of RFC4443:

"(e) An ICMPv6 error message MUST NOT be originated as a result of
       receiving the following:

       (e.1) An ICMPv6 error message."

So, for instance, if we are sending an ICMP error because of a problem
with an extension header, we need to walk (process) the  other
extension headers to determine if the transport is ICMPv6 and if it is
then not send the error.

The comment is over fourteen years old! I would like to resolve
somehow as not being a violation of standard. Any ideas how to do
that?

Thanks,
Tom

v2.23.0 | Report a Bug | By Email