RE: Validation of Packet Too Big Payload using Echo Request

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Wed, 29 July 2020 21:41 UTC

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>, Timothy Winters <tim@qacafe.com>
CC: 6MAN <6man@ietf.org>, Shawn Zhang <yuanshan_zhang=40apple.com@dmarc.ietf.org>, Timothy Winters <twinters@iol.unh.edu>, "plakhera@apple.com" <plakhera@apple.com>
Subject: RE: Validation of Packet Too Big Payload using Echo Request
Date: Wed, 29 Jul 2020 21:41:31 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/icXAS3regyPSqyHGa4Nd2DtDsnU>

Don't associate the PMTU with a socket.
Associate it with the destination IP.
That is, of course, a DoS vector, so apply the appropriate caching strategies.

For example, if two sockets from different apps go to the same destination IP,
then a PTB from that IP should apply to both sockets.

Regards,
Jakob.

From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of Lorenzo Colitti
Sent: Wednesday, July 29, 2020 5:03 AM
To: Timothy Winters <tim@qacafe.com>
Cc: 6MAN <6man@ietf.org>; Shawn Zhang <yuanshan_zhang=40apple.com@dmarc.ietf.org>; Timothy Winters <twinters@iol.unh.edu>; plakhera@apple.com
Subject: Re: Validation of Packet Too Big Payload using Echo Request

I'm not sure that the desired behaviour is reasonably implementable. Wouldn't it require the sending node to keep state on all packets it had ever sent? For how long?

The implementation can relatively easily check if a PTB matches an *existing* socket. But what if the following happens?

1. App opens UDP socket, sends packet.
2. App closes socket.
3. PTB arrives for packet in step #1.
4. App opens socket on same port again, sends identical packet again.

If the stack rejects the packet in #3, arguably it makes things worse. But accepting it is difficult without keeping state on sockets after they are closed, which is both ill-defined (how long do you need to keep the state?) and potentially expensive / exposing a DoS vector.

On Tue, Jul 28, 2020, 21:00 Timothy Winters <tim@qacafe.com> wrote:
Hi Shawn,

If you are referring to the IPv6 Ready Logo Core Test Specification for this, we have a possible problem for this validation test case for devices that don't track ICMPv6 connections.

"Possible Problems:  If the device under test does not support tracking connections for ICMPv6 this test case may be omitted."

If you have other questions about IPv6 Ready please feel free to take this to info@ipv6ready.org.

~Tim

On Tue, Jul 28, 2020 at 7:48 AM Shawn Zhang <yuanshan_zhang=40apple.com@dmarc.ietf.org> wrote:
Hi Ole,

I am reviving this thread.

>> Frankly, I think for compliance this should be treated as a *SHOULD* and not as a MUST.

> Yes, I think that's a correct interpretation.
> That's what 8201 says too. "Nodes should appropriately validate..."

Since RFC8201 says “SHOULD” instead of “MUST”, should this test be removed from the compliance test as it is not a mandatory behavior?

IMHO, since the smallest packet size is capped at 1280, it won't cause too much risk even if we don't verify it using Echo Request here.

Bests,
Shawn

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
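An added example, not code from any participant in this thread: a sketch of the destination-keyed PMTU cache suggested in the top reply, with the bounds that limit what a forged Packet Too Big can do (never below 1280, never raising the estimate, a hard entry limit with LRU eviction, and ageing). The class name, method names, the 1024-entry limit and the 600-second lifetime are assumptions chosen for illustration; it does not check that the PTB quotes a packet the node actually sent.

```python
import ipaddress
from collections import OrderedDict

IPV6_MIN_MTU = 1280      # IPv6 minimum link MTU; the estimate never goes below it
PMTU_LIFETIME = 600.0    # assumed ageing time in seconds for a learned entry


class PmtuCache:
    """Path MTU estimates keyed by destination address, not by socket."""

    def __init__(self, link_mtu=1500, max_entries=1024):
        self.link_mtu = link_mtu
        self.max_entries = max_entries       # hard bound on attacker-grown state
        self._entries = OrderedDict()        # IPv6Address -> (pmtu, expiry)

    def __len__(self):
        return len(self._entries)

    def _get(self, key, now):
        entry = self._entries.get(key)
        if entry is None:
            return self.link_mtu
        if entry[1] <= now:                  # aged out: fall back to the link MTU
            del self._entries[key]
            return self.link_mtu
        self._entries.move_to_end(key)       # mark as recently used
        return entry[0]

    def lookup(self, dest, now):
        """PMTU to use for any socket sending to dest."""
        return self._get(ipaddress.IPv6Address(dest), now)

    def on_packet_too_big(self, dest, reported_mtu, now):
        """dest is the destination of the packet quoted inside the PTB.
        Returns True if the estimate for dest was lowered."""
        key = ipaddress.IPv6Address(dest)
        pmtu = max(reported_mtu, IPV6_MIN_MTU)   # clamp absurdly small values
        if pmtu >= self._get(key, now):
            return False                     # a PTB may only lower the estimate
        self._entries[key] = (pmtu, now + PMTU_LIFETIME)
        self._entries.move_to_end(key)
        while len(self._entries) > self.max_entries:
            self._entries.popitem(last=False)    # evict least recently used
        return True
```

Because the key is the destination address, two sockets from different applications sending to the same address read the same estimate from `lookup`, and a flood of PTBs for many distinct destinations can only evict entries, not grow the table.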