IETF Logo Mail Archive

Re: Non-Last Small IPv6 Fragments

Erik Kline <ek@loon.co> Thu, 10 January 2019 19:42 UTC

Return-Path: <ek@google.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44EC9131254 for <ipv6@ietfa.amsl.com>; Thu, 10 Jan 2019 11:42:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.498
X-Spam-Level:
X-Spam-Status: No, score=-9.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=loon.co
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TLG_cik7eIUB for <ipv6@ietfa.amsl.com>; Thu, 10 Jan 2019 11:42:26 -0800 (PST)
Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B95B131242 for <ipv6@ietf.org>; Thu, 10 Jan 2019 11:42:26 -0800 (PST)
Received: by mail-io1-xd33.google.com with SMTP id l14so9895012ioj.5 for <ipv6@ietf.org>; Thu, 10 Jan 2019 11:42:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=loon.co; s=google; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=o8klyECGOh7I+9/OxodM97VhKU2ryT5Ehen49/0YI3Q=; b=V8XPoiSI2y3E8MLpdP9cyQ8c9mh2IETIDlefuxsKz0hnK9Z8GqDJYKShyiA4dn8Qi2 PX2BwgBPu4H8EskrqKAt3TOl8vGReV34sGrUmX2//T+x8hQb56P6T0liHSCVeYbVq4TS OngRZHVxWbENH9yxU6U5IMj4IxcN4GOz7XR2s=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=o8klyECGOh7I+9/OxodM97VhKU2ryT5Ehen49/0YI3Q=; b=LDSZL2AKtgBcr0NieazJLKP0tTEopyYjB9woFiTRhMxdxeI3BMpyuGeCKsUQlsk9Mb rNnZ+13kYxe1TC/cvaYHNRscM12Yk35dxeU/g1+LBEGotsviv/JyUxbfynRX/5AsScy1 ivc7r6UXISthpQoK1RvfkEmSVKuPtycMt9t9OgGYlamBFVEwEFFRYSkSybBBsnCN8wr+ D/CJvVVHq6z/gUI79bgQg9BscOfqvgLHYvlJ8ALb8rRDLoZCZ1kwEHgMwUXlXd7X/1QQ lFFutQAOGagzMZPLCsM5uJHt57qsleWwLGSGCkRV9xJvkQxO/2uGjg/seIxkdcMFrCJ0 jMAA==
X-Gm-Message-State: AJcUuketD+j41VVBd1n30MviIzQBJccSS6UyzsTnX/mwSFDvFxUIH0MK Wl4lSp28pFQsqjHmYwNKFOB5Qde/JK6ezOfvnYWrpb5efGk+IA==
X-Google-Smtp-Source: ALg8bN7qA3sNjqgXN6GVWhKEQB2wpCljTZRX6eBTVZD7ZS4G653LN+G6uU0fwisaHgCbCEfcCJxZDBqsv602f7DBOxQ=
X-Received: by 2002:a6b:7a0a:: with SMTP id h10mr7054925iom.114.1547149345442; Thu, 10 Jan 2019 11:42:25 -0800 (PST)
MIME-Version: 1.0
References: <CAOSSMjV0Vazum5OKztWhAhJrjLjXc5w5YGxdzHgbzi7YVSk7rg@mail.gmail.com> <2AB3F16C-FC0E-4EF7-B1ED-1A97F2CEC69B@gmail.com> <BYAPR05MB42458F851962F26AE1E15CC4AE840@BYAPR05MB4245.namprd05.prod.outlook.com>
In-Reply-To: <BYAPR05MB42458F851962F26AE1E15CC4AE840@BYAPR05MB4245.namprd05.prod.outlook.com>
Reply-To: ek@loon.co
From: Erik Kline <ek@loon.co>
Date: Thu, 10 Jan 2019 11:42:11 -0800
Message-ID: <CAAedzxofmhokstWuq7mRWnd5PTz5WQaiDNnE8O_VHXF_PbK6nw@mail.gmail.com>
Subject: Re: Non-Last Small IPv6 Fragments
To: Ron Bonica <rbonica@juniper.net>
Cc: Bob Hinden <bob.hinden@gmail.com>, Timothy Winters <twinters@iol.unh.edu>, IPv6 List <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000026e5f1057f1fc7b6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/shLBWGl8_RYwPN2zcVQBIB_UZVs>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jan 2019 19:42:35 -0000

On Thu, 10 Jan 2019 at 11:32, Ron Bonica <rbonica@juniper.net> wrote:

> > I read some of the reports on the link, but am still not clear what the
> > underlying problem is.   Why does Linux have a problem with receving
> > intermediate fragments less than 1280?
> >
>
> Hi Bob,
>
> Might we be defending against an attack in which a packet contains:
>
> - An IPv6 header (40 bytes)
> - A Fragment Header (8 bytes)
> - A TCP header (20 bytes)
> - TCP Payload (1200 bytes)
>
> This packet doesn't need to be fragmented at all because the total length
> is only 1268 bytes. However, a mischievous source node divides the packet
> into 1200 fragments. The first fragment contains an IPv6 header, a fragment
> header, the TCP header, and one byte of the TCP payload. Each subsequent
> fragment contains the IPv6 header, a fragment header, and one byte of TCP
> payload.
>
> Are reassembly algorithms clever enough to protect against such attacks?
> If so, I don't see the problem either. But if not, we may have a problem.
>

I'm recently familiar with an IPv6 fragment reassembly implementation, as
it turns out.  The core implementation uses/makes liberal reference to:

    https://tools.ietf.org/html/rfc815

It works generally in terms of managing a hole descriptor list.  It would
successfully reassemble the sequence of packets you describe.  Whether
that's an "attack" or not, I don't really see it.  With local policy caps
on the lifetime of unreassembled fragment bits and so on, it seems possible
to limit and manage the total resources allocated to reassembly.

v2.23.0 | Report a Bug | By Email