IETF Logo Mail Archive

Re: [pim] draft-ietf-pim-igmp-mld-extension WGLC

Stig Venaas <stig@venaas.com> Thu, 21 January 2021 19:54 UTC

Return-Path: <stig@venaas.com>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94BBF3A0B32 for <pim@ietfa.amsl.com>; Thu, 21 Jan 2021 11:54:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=venaas-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QtLAf-4lW76t for <pim@ietfa.amsl.com>; Thu, 21 Jan 2021 11:54:34 -0800 (PST)
Received: from mail-io1-xd29.google.com (mail-io1-xd29.google.com [IPv6:2607:f8b0:4864:20::d29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A8D03A0B29 for <pim@ietf.org>; Thu, 21 Jan 2021 11:54:33 -0800 (PST)
Received: by mail-io1-xd29.google.com with SMTP id q2so6439595iow.13 for <pim@ietf.org>; Thu, 21 Jan 2021 11:54:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=venaas-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=9Gg//tgV3kdMQxFSF/O+z8u0zg35/qwxiL+cILVdKM4=; b=vJ29Bh/vV8eUhhITZd/UmFpLAG3gfOm1I+LMl9+z2KuTMez/Y+pfxAUn1mO7BWbA0q L7wHl1qYzlCiw62QbaW+SITK8QCB5KJw3UYgC+XnF20QqeGVAOEQ4uSg7pSCRNEHgJi3 CJAWrdIY+K15ki5cvL4eQgTk6W+LnW6WGobnTOig0AkdzXhsUfsApePmaMYEVWTnlVIG WwIamoBc1RhTgFrEID41jPunlAt7009kS9idI6Guda9OUuP/n3w6U3Dki54O2V7udnGP vXqVoisUDxyXLKtqGrtQpjrCfN+CC4F05qDszn+Is8E90t7SC/NWcGUO40CeYlG+G2Rm 4MQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=9Gg//tgV3kdMQxFSF/O+z8u0zg35/qwxiL+cILVdKM4=; b=UEAIdXgrLvRiEaytLWYGVgzVfbRZDVdoR+cwuFpo4Rx5kcjUi5MOxWgetozU6qWV1k oWboRJWIOomhWUWC7k/ueJcfGMOHhSy96ub0vlrHn/HMSjhqxSWpHjdB+Ey69Y5NeewR Uh06SVKIjm+kf0tQyJyfe1xCxVV8O6d19KB1K7Fxu7szoWb6jh+E8xdaKmfV+loVJuLY cDm4ornOiAVDPTKy/Dubik4AIsxY3AGJ4iz3AS/4ny5/cdpVUVlLqlhQSvB3GIPIOL66 /O+mAC4Ws1Ad3+Hwu50xc1UzrEVqQZ3zESjreEWHVzcK4PpVIblfyvS4fJJw3wW4VWJi w2kg==
X-Gm-Message-State: AOAM533lFwqmX/XAf3afqSYfi23eHdsYgEvwL1SrlRGOXe39lNR6n+a0 6YZc2XPVLRSKWZn/VD9yB2p4+LdDJfGKxmePoORdmQ==
X-Google-Smtp-Source: ABdhPJzv8WpPBWZeQhgOEjGEvtyJh9YsaqYeChKn69PjOk5IXEInEVwdfWEmIUn93fiGlLMbo8h8Dzi1eMZ0FTaDc3g=
X-Received: by 2002:a05:6e02:1d09:: with SMTP id i9mr1116332ila.207.1611258873063; Thu, 21 Jan 2021 11:54:33 -0800 (PST)
MIME-Version: 1.0
References: <BYAPR13MB25823AD8346977BC1FDE03BAF4CD0@BYAPR13MB2582.namprd13.prod.outlook.com> <MN2PR05MB598123DADDC8916389A69111D4C50@MN2PR05MB5981.namprd05.prod.outlook.com> <CAHANBtL7FXijAajqmz-vU+vZ_OUZ7XS7wynZgHF-x9TSukRhDA@mail.gmail.com> <CAHANBtLsasH1ZTT4tmLwvLaQ3NE4KuOzrmb_fqOcH3fcapUWkg@mail.gmail.com> <A725AB8B-6F24-45C1-BF44-854DD115EAE4@akamai.com> <CAHANBtJEHOKKYJER7wPPTAjpAb90LC0GiaU1QhE+4-wFeuNupA@mail.gmail.com> <1E3BA012-B836-43E6-92EC-9992531A3813@akamai.com>
In-Reply-To: <1E3BA012-B836-43E6-92EC-9992531A3813@akamai.com>
From: Stig Venaas <stig@venaas.com>
Date: Thu, 21 Jan 2021 11:54:22 -0800
Message-ID: <CAHANBtKEYwu=f4-JMmT-BA865Ft7H0jo2JX3fQbh+2=KSaDXGQ@mail.gmail.com>
To: "Holland, Jake" <jholland@akamai.com>
Cc: "Jeffrey (Zhaohui) Zhang" <zzhang=40juniper.net@dmarc.ietf.org>, Leonard Giuliano <lenny@juniper.net>, "jakeholland.net@gmail.com" <jakeholland.net@gmail.com>, "pim@ietf.org" <pim@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/4c4tUEzodpS_OsccY66KW49BMRc>
Subject: Re: [pim] draft-ietf-pim-igmp-mld-extension WGLC
X-BeenThere: pim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Protocol Independent Multicast <pim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pim>, <mailto:pim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim/>
List-Post: <mailto:pim@ietf.org>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pim>, <mailto:pim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jan 2021 19:54:37 -0000

Hi Jake

I just posted revision 04 that I think should address your comments.

Agree buffer-overflow is a big concern in general, I'm happy to call
it out in the document.

Thanks a lot for your time,
Stig

On Tue, Jan 19, 2021 at 11:43 AM Holland, Jake <jholland@akamai.com> wrote:
>
> Hi Stig,
>
> On 1/19/21, 10:21 AM, "Stig Venaas" <stig@venaas.com> wrote:
> > I do believe TLVs really is flexible enough for any future extension
> > and I mentioned this since people might question why we don't need
> > Additional Data when the extension is used. But I can certainly remove
> > this. The main point is that there is no data besides the Extension
> > TLVs. I'll try to improve this text. Of course we are also able to
> > extend IGMP/MLD in other ways when not setting the E-bit if we want.
>
> I agree it's likely to be flexible enough, but I have minor reservations
> about stating it as a known fact (as in -03), because it's hard to be
> certain that all future needs will be fully compatible with the semantics
> defined for these TLVs. (And I agree if it happens then it can be covered
> by using something else other than the E-bit).
>
> I'm not sure it needs anything pointing out the flexibility to future
> needs, but if you think it will help forestall questions to include it,
> even just "is flexible enough" -> "is expected to be flexible enough"
> would address my reservation.
>
> >> 1.a.
> >> Sorry, I should have noticed this in my first review.  But while revisiting
> >> this, I noticed that the MLDv2 and IGMPv3 specs call the extra data field
> >> "Auxiliary Data", but this spec calls it "Additional Data".
> >>
> >> This seems like a point of possible confusion, is there a reason not to call
> >> it "Auxiliary Data" in this doc as well?
> >
> > The specs define both Additional Data and Auxiliary Data. The former
> > is at the end of the IGMP/MLD messages, which we are using. The latter
> > is potentially auxiliary data at the end of a group record. We are not
> > using that.
>
> Ah, thanks, my mistake.  I think the reason I missed it in my first review
> was because I understood it correctly that time and then forgot.  Sorry
> about that.
>
> >> 2.
> >> In section 3 the 2nd to last paragraph says there MUST be no data
> >> in the message after the last TLV:
> >>    There MUST be no data in the message after the last TLV.  The TLVs
> ...
> >> This wording I think is confusing on a few points:
> >> - "in the message" is sort of unclear (e.g. it could refer to the IP
> >>   payload length, at least for the last group record).  Although the doc
> >
> > Yes (except additional not auxiliary). Perhaps it is best if I refer
> > to bytes remaining in the IP payload.
>
> Yes, to me something like one of these would be an improvement over "in
> the message":
> - in the IP payload
> - in the Additional Data field
> - in the Additional Data field, which extends to the end of the IP payload
>
> (please disregard the rest of my comment #2, it was based on my mistaken
> reading thinking you were using Auxiliary data.)
>
> >> 3.
> ...
> > This sounds good. Thanks, I'll use this. It is pretty common to draw
> > the figure like this even when no alignment is expected, but I think
> > I'll point out that there is no alignment or padding.
>
> Cool, thanks.  I agree the figure seems fine to me.
>
> >> 4.
> >> I find this design a bit troubling:
> >>    Also if a TLV has a length exceeding the remainder of the
> >>    message, that TLV is ignored, and further TLV processing stops.
> >>
> >> As an implementor, if I see this scenario I would tend to assume that
> >> I'm talking to an implementation that is using a different non-standard
> >> meaning for the E bit and the Auxiliary Data (or perhaps an attack
> >> packet), and I would think the better choice is to discard the entire
> >> Auxiliary Data and treat it as though the E bit was not set, ignoring
> >> all the TLVs.  (I assume this should be OK since the Auxiliary Data can
> >> be ignored anyway by the devices that don't know about it.)
> >
> > When the E-bit is set, one should be following this document, but of
> > course there may be bugs or attacks. I'm fine with being strict as you
> > suggest, the only downside is that one will have to validate this
> > before applying any of the TLVs. Since the length does not have to be
> > a multiple of 4, I think it might be best then to require that the
> > last TLV ends at the end of the IP payload (no trailing bytes).
>
> Yes, I think that's right.
>
> I hope that's not too bad a downside, I think it sounds ok to me.  And on
> the upside it's maybe slightly more likely to get length-checked properly.
>
> It's a minor point though, if you prefer to leave it alone I won't object.
> I maybe sometimes worry more than is necessary about the sad state of
> buffer-overflow avoidance strategies in networking.
>
>
> Thanks and regards,
> Jake
>
>

v2.23.0 | Report a Bug | By Email