Re: [pim] Updates to draft-ietf-pim-igmp-mld-extension, WG input wanted
Stig Venaas <stig@venaas.com> Fri, 03 June 2022 17:24 UTC
Return-Path: <stig@venaas.com>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3938C14F75F for <pim@ietfa.amsl.com>; Fri, 3 Jun 2022 10:24:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=venaas-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u-NTyNPGKJ_u for <pim@ietfa.amsl.com>; Fri, 3 Jun 2022 10:24:48 -0700 (PDT)
Received: from mail-pf1-x42a.google.com (mail-pf1-x42a.google.com [IPv6:2607:f8b0:4864:20::42a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21604C14F6E7 for <pim@ietf.org>; Fri, 3 Jun 2022 10:24:47 -0700 (PDT)
Received: by mail-pf1-x42a.google.com with SMTP id y189so7614498pfy.10 for <pim@ietf.org>; Fri, 03 Jun 2022 10:24:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=venaas-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ErnpZY4tLRrQEsVxAofMPPfY8/WbtTkuxImic9PDpVo=; b=MA3eDf1VUW/dzWaF2T9/rBzCBRfrNOqHiynRWfdQv+8vtWqAO6eG8LO3S9wpVPRm/A x1frXAwfbtIKdzu9b8BuWEtGpaFoGOsSz3tVh5hjjIQydYmOl1i4ldQnBkunNFC+TZJF PLSEXVq+nPFsJtO+Ks6GIziPU8o/p9GuatmeLUyEi+0RBBH2aG10T3qkMA4wynrpDpTa bXTUuiU+x1mTPP7LCPARjIeqFdMJcKVyLJtSkPMz+InjebLum2sy+xpzdP/jKkydkKv5 gkwdP6dgzV5SNeZwTn8SDfMi8659Z0ceadlA2Fgw1hFWghuuTn2FGmhS+ltbmNTetFsJ 5+JA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ErnpZY4tLRrQEsVxAofMPPfY8/WbtTkuxImic9PDpVo=; b=mHXNSoITDs7dhO7tu8iqBeXYK2TbQ3ndUfndjpGiMDSMZAXvOOl7ohXU6GH+NtPooQ 7G+NgHeF1fOnjsjoDsn4EEsol/oKfCOf/W5mBH5txs/yusvHZ05shzqBYn6J1CriHEaE 9V/q8fsB2pOM23tX8q7c69RV7sEwcgOr/1wmHTktXbv3eOqOaARZoxgwFAb7hxSC3WRf 8SRQsnCaSW3+EFp57vegK8lybirE8DktnCRk8lv9SoMw4uSrsgvWqCkd8NNIQ20Bd0S+ bpG0Z8ZHkNioj31nWAXggoe3EjqdSUgOHIOSJlwuFMQNiVMeACnzG7ZHv0Z+MG8czfM3 8f8Q==
X-Gm-Message-State: AOAM532i1dxyGUBwyek9DUQf2yCSaR0WIXkESaKdYFy0hqlgxnrbUeJj a3QsYhsxKu8wu+ptCJ4zcNvfPh/DZJKDtbcoxXzzXClSe7w=
X-Google-Smtp-Source: ABdhPJzkEuC/rPM/RayQesT8MaalXOqxPKWCST7OZr5ljwUOIouuSzxbkCbgjmMJB/y6zlTozkEUoplBArV5w5gwUEw=
X-Received: by 2002:a62:1553:0:b0:51b:e0fe:ea34 with SMTP id 80-20020a621553000000b0051be0feea34mr4433285pfv.23.1654277087279; Fri, 03 Jun 2022 10:24:47 -0700 (PDT)
MIME-Version: 1.0
References: <CAHANBtJjNtipwPCVm5Vup1P+vU7p_RCMycKn-6K5Du58f1dT3g@mail.gmail.com> <C3CD568B-BB5A-4658-90C8-EF021200349B@tsinghua.org.cn>
In-Reply-To: <C3CD568B-BB5A-4658-90C8-EF021200349B@tsinghua.org.cn>
From: Stig Venaas <stig@venaas.com>
Date: Fri, 03 Jun 2022 10:24:36 -0700
Message-ID: <CAHANBtLW-5i64=MjXFX2fqxO-3NoJXRvXK=x7EqvTsWBg3yr1w@mail.gmail.com>
To: Aijun Wang <wangaijun@tsinghua.org.cn>
Cc: pim@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/ZfULPe8JEXaIPC0Yl9E2apKaexU>
Subject: Re: [pim] Updates to draft-ietf-pim-igmp-mld-extension, WG input wanted
X-BeenThere: pim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Protocol Independent Multicast <pim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pim>, <mailto:pim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim/>
List-Post: <mailto:pim@ietf.org>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pim>, <mailto:pim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jun 2022 17:24:52 -0000
Hi Aijun Thanks for your suggestion. We did think about this previously. The problem though is that you cannot trust this. By accident, or intentionally if an attack, one could send a message that has the Total TLV Length set to a value matching the size of the IGMP packet, but still have a TLV with a length far exceeding the size of the packet. Thanks, Stig On Thu, May 12, 2022 at 5:04 AM Aijun Wang <wangaijun@tsinghua.org.cn> wrote: > > Hi, Stig: > > Is it useful to define the total length of “Extension TLV” at the beginning of the “Extension Format”? > As indicated in the https://datatracker.ietf.org/doc/html/draft-ietf-pim-igmp-mld-extension-07.txt#section-5 > > > “The total length of the Extension MUST NOT exceed the remainder of > the IP payload length. For this validation, one only examines the > content of the Extension Length fields.” > > > In the current format, to accomplish the validation, the implementation must walk through all the TLVs. > > > And, if such field exist, the former validation can also be easier, or just ignore it. > > > “There MUST NOT be any data in the IP payload after the last TLV. > To check this, the parser needs to walk through each of the TLVs > until there are less than four octets left in the IP payload. If > there are any octets left, validation fails.” > > > > Aijun Wang > China Telecom > > On May 12, 2022, at 08:26, Stig Venaas <stig@venaas.com> wrote: > > Dear pim WG > > Based on the IESG evaluation of draft-ietf-pim-igmp-mld-extension I > have made some larger changes, please see > https://datatracker.ietf.org/doc/html/draft-ietf-pim-igmp-mld-extension-07.txt > > There was a request to add experimental code-points. I've added 2, I > think that should be sufficient. Different experiments can use the > same code-points. > > I was also asked to add a no-op TLV. This doesn't do much, but it > might perhaps allow testing of implementations to see whether they are > parsing TLVs correctly. > > Finally, there were questions whether IETF Review is too strict for > assignment of code-points. In my opinion we should be cautious with > new extensions and IETF Review allows us to carefully review any > extensions in the IETF. Alternatively we could for instance have > relaxed it to just require a specification (this could be any > document, not requiring review). Please let me know if you believe we > should relax this. > > Hoping to get input within two weeks (May 25th), so that we can move > ahead with the publication, or revise as needed. Mike, let me know if > we need to do anything else to get sufficient review. > > Thanks, > Stig > > _______________________________________________ > pim mailing list > pim@ietf.org > https://www.ietf.org/mailman/listinfo/pim