IETF Logo Mail Archive

Re: Non-Last Small IPv6 Fragments

神明達哉 <jinmei@wide.ad.jp> Thu, 10 January 2019 18:55 UTC

Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B20E9131208 for <ipv6@ietfa.amsl.com>; Thu, 10 Jan 2019 10:55:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.918
X-Spam-Level:
X-Spam-Status: No, score=-0.918 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, FROM_EXCESS_BASE64=0.979, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rfEJZgIGGdr5 for <ipv6@ietfa.amsl.com>; Thu, 10 Jan 2019 10:55:23 -0800 (PST)
Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E21FD131206 for <ipv6@ietf.org>; Thu, 10 Jan 2019 10:55:22 -0800 (PST)
Received: by mail-wm1-f43.google.com with SMTP id y139so79920wmc.5 for <ipv6@ietf.org>; Thu, 10 Jan 2019 10:55:22 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=97SJhSrFnDpbRQmkmws6KZ6j75g+7i4XTPDmhVuykFg=; b=H5e6EBmX0nNY/Aun6DEVxUWWJWfRoC/+o47QnES7DdulrwsXfg03YLEJBeAnzZBCEV gtigqrc/Y5ftZexiTnodjNq+uT3bOb5f+ikRXx/FrxcKnq7mVDBaYx/UuzXw4O3y0BCT +Syu8pCEQLIv1Q3r3YuQ+LQCdsq/5oCg9lv/3AffQx/5TJX/UdzFCamN8+rVARnV2Ai9 JTWT0oQNWQy/4tuYpTVRpLvVEDxrKMW8vf3wNTi4hTv0615Vx1GtZQBcYSNZ8klY2V28 r76r/QUsaBBMJnD47VzHJjXpvIQQasuz48/yIwJpSDxJSaE7oHcRGoX0sbK5ypm2w/Bt 3nSg==
X-Gm-Message-State: AJcUukdKgqA/GDpCI0y34pTPcQ5ieFEIPfnaYy2XxW9xmGTlDbtTWGUr xCtRytalUzpxhCRy04sfROCKv4+EGP6BcFe7amA=
X-Google-Smtp-Source: ALg8bN4rUQ6BZ7ovgNcfrDFnC7wc0RToEllYtlWLMUhMVvhN3ef+3CLCBjSfFjtDnpn+cRYTteLrHK8c3TiXDjx28HI=
X-Received: by 2002:a1c:760c:: with SMTP id r12mr51720wmc.127.1547146521039; Thu, 10 Jan 2019 10:55:21 -0800 (PST)
MIME-Version: 1.0
References: <CAOSSMjV0Vazum5OKztWhAhJrjLjXc5w5YGxdzHgbzi7YVSk7rg@mail.gmail.com>
In-Reply-To: <CAOSSMjV0Vazum5OKztWhAhJrjLjXc5w5YGxdzHgbzi7YVSk7rg@mail.gmail.com>
From: 神明達哉 <jinmei@wide.ad.jp>
Date: Thu, 10 Jan 2019 10:55:09 -0800
Message-ID: <CAJE_bqe2MqH4WGZHcNeWiaBvvpYB2TEvMoOUWE523TSq-Bd0=Q@mail.gmail.com>
Subject: Re: Non-Last Small IPv6 Fragments
To: Timothy Winters <twinters@iol.unh.edu>
Cc: IPv6 IPv6 List <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000cd5852057f1f1ee8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/tkNyvVCfmCeEQu5S3iOBD6-srGA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jan 2019 18:55:25 -0000

At Thu, 10 Jan 2019 10:33:20 -0500,
Timothy Winters <twinters@iol.unh.edu> wrote:

> The fix was to reject IPv6 fragments less than 1280 that aren't last
> fragment.  Section 4.5 of RFC 8200 allows for sending any fragment for
> fragments as long they add up to the original packet.  This means that an
> implementation that generates a non-last fragments with a size then 1280,
> will be dropped by the updated kernel.
>
> I'm willing to write a draft about the expected behavior, but before I do
> that I wanted to get the working group feedback on if we think an
> implementation should drop non-last fragments less then 1280.

I don't see a reason why an implementation can drop such fragments.
As you pointed out, the standard protocol doesn't prohibit it.  I
would even consider it "reasonable" (not just "allowed by the
standard") if an implementation divides a 1300-octet packet into two
650-octet fragments (ignoring common header overhead for brevity)
instead of 1280 + 20, even if there's currently no implementation that
actually does that.

Looking at the description about CVE-2018-5391 in
https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html
my guess is that "the attack" is to send many small fragments (perhaps
also in random order?) in an attempt of increasing the management
overhead to the level of denial of service.  If I'm correct, I see
that such a possibility of attack allows an implementation to
introduce some implementation-specific limitation, but I think
dropping non-last fragments smaller than 1280 octets goes too far for
that purpose.

--
JINMEI, Tatuya

v2.23.0 | Report a Bug | By Email