RE: Adrian Farrel's No Objection on draft-ietf-6man-ext-transmit-04: (with COMMENT)

"Templin, Fred L" <Fred.L.Templin@boeing.com> Fri, 11 October 2013 16:33 UTC

From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: RE: Adrian Farrel's No Objection on draft-ietf-6man-ext-transmit-04: (with COMMENT)
Date: Fri, 11 Oct 2013 16:33:23 +0000
Cc: "C. M. Heard" <heard@pobox.com>, "6man-chairs@tools.ietf.org" <6man-chairs@tools.ietf.org>, "draft-ietf-6man-ext-transmit@tools.ietf.org" <draft-ietf-6man-ext-transmit@tools.ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>, Adrian Farrel <adrian@olddog.co.uk>

Sorry Brian; here is the correct explanation:

> > They must have just made that up; there's no justification for it.
> > It could be an unknown extension header of unknown length, or it
> > could be an unknown payload of unknown length. In real life
> > I'd expect firewalls to default-drop such packets.
> 
> It could be that Wireshark has some kind of inference engine that
> says: "let's look ahead and see if the next octet looks like another
> NEXTHDR field, and if so keep on plowing through". It certainly
> surprised me. It might also be worth noting that tcpdump does not
> take this leap of faith and stops when it hits the first 253/254.

What is actually happening is that Wireshark assumes that the octet
that follows the NEXTHDR field that encodes 253/254 is a length field
and then seeks ahead by the number of octa-words indicated by the
"length".

In the case of my experimental protocol (SEAL, of course), the octet
that follows the NEXTHDR is *not* a length field, i.e., the same as
for the IPv6 fragment header. It just so happened that the octet
encoded the value 0 making the experimental header look like an
8-octet field. When I change the value to something other than 0,
Wireshark fails.

But, in the final analysis, there is no justification for assuming
that the field that follows the NEXTHDR field is a length field.
It's just that you might get lucky once in a while.

Thanks - Fred
fred.l.templin@boeing.com
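
Added example (not part of the original message, and not Wireshark or tcpdump code): a minimal IPv6 next-header walker comparing the two behaviours discussed in this thread, stopping at 253/254 versus treating the following octet as a length. The names `walk_chain` and `make_packet` are hypothetical, the packet bytes are constructed, and the "length" is assumed to follow the RFC 2460 Hdr Ext Len convention of (n + 1) * 8 octets.

```python
# Extension headers whose second octet is Hdr Ext Len in 8-octet units (RFC 2460).
LEN_PREFIXED = {0, 43, 60}        # Hop-by-Hop, Routing, Destination Options
FRAGMENT = 44                     # fixed 8 octets; second octet is reserved
EXPERIMENTAL = {253, 254}         # values reserved for experimentation

def walk_chain(first_nh, data, guess_unknown):
    """Return (next_header_value, offset) where the walk stops.

    guess_unknown=True models the heuristic described in the message: treat the
    octet after NEXTHDR in a 253/254 header as a length. False stops there.
    Raises ValueError if a computed length runs past the buffer.
    """
    nh, off = first_nh, 0
    while True:
        if nh in LEN_PREFIXED or (guess_unknown and nh in EXPERIMENTAL):
            if off + 2 > len(data):
                raise ValueError("truncated header at offset %d" % off)
            size = (data[off + 1] + 1) * 8
        elif nh == FRAGMENT:
            size = 8
        else:
            return nh, off        # upper-layer or unparseable: stop here
        if off + size > len(data):
            raise ValueError("header at offset %d overruns packet" % off)
        nh, off = data[off], off + size

def make_packet(second_octet):
    # Constructed sample: 8-octet experimental header (NEXTHDR=6/TCP, then an
    # octet that is NOT a length), followed by 20 octets standing in for TCP.
    exp = bytes([6, second_octet]) + bytes(6)
    return exp + bytes(20)

if __name__ == "__main__":
    print(walk_chain(253, make_packet(0), guess_unknown=False))  # stops at 253
    print(walk_chain(253, make_packet(0), guess_unknown=True))   # right by luck
    print(walk_chain(253, make_packet(2), guess_unknown=True))   # wrong offset
    try:
        walk_chain(253, make_packet(5), guess_unknown=True)
    except ValueError as e:
        print("parse failure:", e)
```

With the second octet set to 2 the guessing walker reports TCP at offset 24 although the constructed TCP bytes start at offset 8, which is the kind of silent mis-parse a filtering device avoids by stopping at the unknown header and applying its default policy.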