Re: [IPv6] [OPSEC] [v6ops] [EXTERNAL] Re: Why folks are blocking IPv6 extension headers? (Episode 1000 and counting) (Linux DoS)

Ole Troan <otroan@employees.org> Fri, 26 May 2023 09:13 UTC

Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, Albert E Manfredi <albert.e.manfredi@boeing.com>, Tom Herbert <tom@herbertland.com>, IPv6 Operations <v6ops@ietf.org>, 6man WG <ipv6@ietf.org>, opsec@ietf.org
To: Warren Kumari <warren@kumari.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/YqocMPLILenH8umOXMv0aBS9BSI>

> A well-implemented host will not be troubled by unknown extension headers or options.
> 
> Indeed. However, not all hosts are well-implemented. 

“Not be troubled by” == “drop”?
I don’t agree that a well-implemented host and application should blindly accept any and all extension headers.
If my application cannot use those extension headers why do you send them to me?
If they are purely for the use in the network, then again why do you expose them to the application?

If you can give some practical examples where it’s beneficial to “process” unknown extension headers by hosts/applications, then this may be a little easier to reason over.

O.