IETF Logo Mail Archive

Re: A problem with RFC 6465's Uniform Format for Extension Headers

Hagen Paul Pfeifer <hagen@jauu.net> Mon, 03 February 2014 22:00 UTC

Return-Path: <hagen@jauu.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C6E41A0226 for <ipv6@ietfa.amsl.com>; Mon, 3 Feb 2014 14:00:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7evnsafeCljl for <ipv6@ietfa.amsl.com>; Mon, 3 Feb 2014 14:00:40 -0800 (PST)
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [IPv6:2001:4d88:1ffa:82:880:aa0:9009:64ae]) by ietfa.amsl.com (Postfix) with ESMTP id 873691A0208 for <6man@ietf.org>; Mon, 3 Feb 2014 14:00:40 -0800 (PST)
Received: from pfeifer by Chamillionaire.breakpoint.cc with local (Exim 4.80) (envelope-from <hagen@jauu.net>) id 1WARZ7-00054x-J5; Mon, 03 Feb 2014 23:00:29 +0100
Date: Mon, 03 Feb 2014 23:00:28 +0100
From: Hagen Paul Pfeifer <hagen@jauu.net>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: A problem with RFC 6465's Uniform Format for Extension Headers
Message-ID: <20140203220028.GA7123@virgo.local>
References: <20140130230740.25350.9524.idtracker@ietfa.amsl.com> <52EAF63A.7050108@si6networks.com> <20140203204716.GD1519@virgo.local> <52F00D8C.8060501@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="PEIAKu/WMn1b1Hv9"
Content-Disposition: inline
In-Reply-To: <52F00D8C.8060501@gmail.com>
X-Key-Id: 98350C22
X-Key-Fingerprint: 490F 557B 6C48 6D7E 5706 2EA2 4A22 8D45 9835 0C22
X-GPG-Key: gpg --recv-keys --keyserver wwwkeys.eu.pgp.net 98350C22
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: "C. M. Heard" <heard@pobox.com>, Fernando Gont <fgont@si6networks.com>, "6man@ietf.org" <6man@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Feb 2014 22:00:42 -0000

* Brian E Carpenter | 2014-02-04 10:43:40 [+1300]:

>Either solution works, but the firewall implementors might
>have a preference one way or the other. RFC 7045 says
>"Therefore, it is important that forwarding
>nodes that inspect IPv6 headers be able to parse all defined
>extension headers and deal with them appropriately,..."
>So the question is whether they would find a reserved
>range or a subtype easier to parse.

In the appendix of draft-pfeifer-6man-exthdr-res-01 I provided a patch against
Linux net-next-2.6 (see end of this email). In the end the compare do not
matter that match because one additional cmp is used which is fast.



diff --git a/net/ipv6/exthdrs_core.c b/net/ipv6/exthdrs_core.c
index 14ed0a9..d7f2e97 100644
--- a/net/ipv6/exthdrs_core.c
+++ b/net/ipv6/exthdrs_core.c
@@ -4,6 +4,9 @@
  */
 #include <net/ipv6.h>

+#define        IP6_EXTHDR_RESERVED_MIN 245
+#define        IP6_EXTHDR_RESERVED_MAX 252
+
 /*
  * find out if nxthdr is a well-known extension header or a protocol
  */
@@ -18,7 +21,8 @@ int ipv6_ext_hdr(u8 nexthdr)
                 (nexthdr == NEXTHDR_FRAGMENT)  ||
                 (nexthdr == NEXTHDR_AUTH)      ||
                 (nexthdr == NEXTHDR_NONE)      ||
-                (nexthdr == NEXTHDR_DEST);
+                (nexthdr == NEXTHDR_DEST)      ||
+                (nexthdr >= IP6_EXTHDR_RESERVED_MIN &&
+                 nexthdr <= IP6_EXTHDR_RESERVED_MAX);
 }

v2.23.0 | Report a Bug | By Email