Re: Validation of Packet Too Big Payload using Echo Request

otroan@employees.org Thu, 30 January 2020 08:46 UTC

Return-Path: <otroan@employees.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23FD6120115 for <ipv6@ietfa.amsl.com>; Thu, 30 Jan 2020 00:46:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SZDuYKCBH1e6 for <ipv6@ietfa.amsl.com>; Thu, 30 Jan 2020 00:46:45 -0800 (PST)
Received: from clarinet.employees.org (clarinet.employees.org [IPv6:2607:7c80:54:3::74]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A82E12010F for <6man@ietf.org>; Thu, 30 Jan 2020 00:46:44 -0800 (PST)
Received: from astfgl.hanazo.no (unknown [IPv6:2a01:79d:53aa:d30:fc8a:d6d2:e1dc:cd64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by clarinet.employees.org (Postfix) with ESMTPSA id 164624E11B41; Thu, 30 Jan 2020 08:46:43 +0000 (UTC)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by astfgl.hanazo.no (Postfix) with ESMTP id EDF992A75A2D; Thu, 30 Jan 2020 09:46:38 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.40.2.2.4\))
Subject: Re: Validation of Packet Too Big Payload using Echo Request
From: otroan@employees.org
In-Reply-To: <F4F6D67D-68B6-476C-94C2-2E68F3504CCC@apple.com>
Date: Thu, 30 Jan 2020 09:46:38 +0100
Cc: Timothy Winters <twinters@iol.unh.edu>, 6MAN <6man@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <26C02BD5-96CC-44D1-9CCB-00DE059D40D9@employees.org>
References: <F4F6D67D-68B6-476C-94C2-2E68F3504CCC@apple.com>
To: Prabhakar Lakhera <plakhera@apple.com>
X-Mailer: Apple Mail (2.3608.40.2.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/tMwAETXo0j6fj5KVTUKzjOMUKTU>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jan 2020 08:46:47 -0000

Prabhakar,

> I believe it is ok to leave the RFC 8201 as is.
> It is the test that needs to be looked at.
> 
> Inline:
> 
> On Tue, Jan 28, 2020 at 3:10 AM <otroan@employees.org> wrote:
> 
>>> The IPv6 Ready Logo Committee updated testing to include a test for validating the Packet Too Big message content based on the following part of 8201.
>>> 
>>> "Nodes should appropriately validate the payload of ICMPv6 PTB
>>>   messages to ensure these are received in response to transmitted
>>>   traffic (i.e., a reported error condition that corresponds to an IPv6
>>>   packet actually sent by the application) per [ICMPv6]."
>>> 
>>> I've included the steps below used to verify the IPv6 implementation validates the Packet Too Big.
>>> 
>>> Step
>>> Action
>>> Expected Behavior
>>> 1. TR1 forwards an Echo Request from TN2 to the NUT.  The packet size is 1500 octets.
>>> The NUT should respond without fragmenting the packet to the Echo Request using TR1 as a first hop.
> 
> Please note, that for most implementations ICMPv6 Echo Reply are not generated by some application.
> They are generated by the system by reflecting the ICMPv6 Echo Requests and are sent unreliably and without keeping any state.
> 
> On the other hand, for UDP, one can validate the ports. For TCP one can also compare sequence numbers.
> 
> The point is the different level of validation might be possible with some protocols and for some protocols, like being tested for ICMPv6, it is not.
> 
> Changing the behavior for stack implementation for the test would require stack to become stateful and not just fire and forget ICMPv6 replies.
> It also would require the replies to be held onto sometime. That IMHO has unnecessary complexity, overhead and security implications.
> 
> It is ok to leave the RFC as is but it needs to be interpreted correctly for any compliance requirements.
> 
> Frankly, I think for compliance this should be treated as a *SHOULD* and not as a MUST.

Yes, I think that's a correct interpretation.
That's what 8201 says too. "Nodes should appropriately validate..."

How that is implemented depends on the implementation.
Receiving an ICMP PMTUD as a consequence of an application sending an Echo request, is easier to implement than a fire and forget response as the ICMP echo reply would be.
It is possible to implement, e.g. an implementation could keep a short list of last sent packets containing the fields relevant for validation.

In the cases where you cannot do validation, what do you do?
Failing open, and accepting the PMTUD or failing closed and silently dropping it?

>>> 2.
>>> TR1 transmits a Packet Too Big message to the NUT with an ICMPv6 Identifier does not match the Echo Reply in Step 1.
>>> 
>>> 3.
>>> TR1 forwards an Echo Request from TN2 to the NUT.  The packet size is 1500 octets.
>>> The NUT should respond without fragmenting the packet to the Echo Request using TR1 as a first hop.
>>> 
>>> We received a comment that this validation shouldn't apply to ICMPv6 and it should only apply to TCP or protocols that have state.   Do we think this only applies to TCP or is it valid for all traffic?
>> 
>> RFC8201 is a network layer mechanism, and the paragraph above applies to
>> all packets sent by the node. Regardless of transport layer protocol.

Cheers,
Ole