IETF Logo Mail Archive

RE: Adrian Farrel's No Objection on draft-ietf-6man-ext-transmit-04: (with COMMENT)

"Templin, Fred L" <Fred.L.Templin@boeing.com> Fri, 11 October 2013 15:55 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87C3A21F9E9F for <ipv6@ietfa.amsl.com>; Fri, 11 Oct 2013 08:55:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.407
X-Spam-Level:
X-Spam-Status: No, score=-6.407 tagged_above=-999 required=5 tests=[AWL=0.192, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fdkKaR1YoAnj for <ipv6@ietfa.amsl.com>; Fri, 11 Oct 2013 08:55:12 -0700 (PDT)
Received: from blv-mbsout-01.boeing.com (blv-mbsout-01.boeing.com [130.76.32.231]) by ietfa.amsl.com (Postfix) with ESMTP id 6AE0D21F9CF3 for <ipv6@ietf.org>; Fri, 11 Oct 2013 08:55:06 -0700 (PDT)
Received: from blv-mbsout-01.boeing.com (localhost.localdomain [127.0.0.1]) by blv-mbsout-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with ESMTP id r9BFt3nq030655 for <ipv6@ietf.org>; Fri, 11 Oct 2013 08:55:03 -0700
Received: from XCH-PHX-512.sw.nos.boeing.com (xch-phx-512.sw.nos.boeing.com [10.57.37.29]) by blv-mbsout-01.boeing.com (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id r9BFt2JO030649 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=OK); Fri, 11 Oct 2013 08:55:02 -0700
Received: from XCH-BLV-504.nw.nos.boeing.com ([169.254.4.85]) by XCH-PHX-512.sw.nos.boeing.com ([169.254.12.124]) with mapi id 14.03.0158.001; Fri, 11 Oct 2013 08:55:02 -0700
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: RE: Adrian Farrel's No Objection on draft-ietf-6man-ext-transmit-04: (with COMMENT)
Thread-Topic: Adrian Farrel's No Objection on draft-ietf-6man-ext-transmit-04: (with COMMENT)
Thread-Index: AQHOxjiFIvFLssN0lkiTRxOL+qsuc5nvpuMQ
Date: Fri, 11 Oct 2013 15:55:01 +0000
Message-ID: <2134F8430051B64F815C691A62D9831812C178@XCH-BLV-504.nw.nos.boeing.com>
References: <20131007144327.16131.88173.idtracker@ietfa.amsl.com> <Pine.LNX.4.64.1310070914240.13173@shell4.bayarea.net> <52530921.3060202@gmail.com> <Pine.LNX.4.64.1310071315370.13828@shell4.bayarea.net> <52534F31.2020906@gmail.com> <2134F8430051B64F815C691A62D9831811DA86@XCH-BLV-504.nw.nos.boeing.com> <52577B48.8030901@gmail.com>
In-Reply-To: <52577B48.8030901@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.247.104.6]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-TM-AS-MML: disable
Cc: "C. M. Heard" <heard@pobox.com>, "6man-chairs@tools.ietf.org" <6man-chairs@tools.ietf.org>, "draft-ietf-6man-ext-transmit@tools.ietf.org" <draft-ietf-6man-ext-transmit@tools.ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>, Adrian Farrel <adrian@olddog.co.uk>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Oct 2013 15:55:18 -0000

Hi Brian,

> -----Original Message-----
> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com]
> Sent: Thursday, October 10, 2013 9:15 PM
> To: Templin, Fred L
> Cc: C. M. Heard; 6man-chairs@tools.ietf.org; Adrian Farrel; draft-ietf-
> 6man-ext-transmit@tools.ietf.org; ipv6@ietf.org
> Subject: Re: Adrian Farrel's No Objection on draft-ietf-6man-ext-
> transmit-04: (with COMMENT)
> 
> Fred,
> 
> On 09/10/2013 04:28, Templin, Fred L wrote:
> ...
> > When Wireshark encounters a header type 253 or 254, it assumes it is
> > an unknown extension header of length 8 bytes, then skips ahead and
> > attempts to parse anything that follows as additional headers.
> 
> They must have just made that up; there's no justification for it.
> It could be an unknown extension header of unknown length, or it
> could be an unknown payload of unknown length. In real life
> I'd expect firewalls to default-drop such packets.

It could be that Wireshark has some kind of inference engine that
says: "let's look ahead and see if the next octet looks like another
NEXTHDR field, and if so keep on plowing through". It certainly
surprised me. It might also be worth noting that tcpdump does not
take this leap of faith and stops when it hits the first 253/254.

> We'll note this issue in the Security Considerations.

OK - thanks.

Fred
fred.l.templin@boeing.com

>     Brian

v2.23.0 | Report a Bug | By Email