IETF Logo Mail Archive

Re: [tsvwg] Teredo Extensions vs. draft-ietf-tsvwg-udp-options-18

Erik Auerswald <auerswal@unix-ag.uni-kl.de> Sat, 09 April 2022 10:40 UTC

Return-Path: <auerswal@unix-ag.uni-kl.de>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C8C53A0524 for <tsvwg@ietfa.amsl.com>; Sat, 9 Apr 2022 03:40:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HgGcVlBgZGsG for <tsvwg@ietfa.amsl.com>; Sat, 9 Apr 2022 03:40:36 -0700 (PDT)
Received: from mailgw1.uni-kl.de (mailgw1.uni-kl.de [IPv6:2001:638:208:120::220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D7AA3A043E for <tsvwg@ietf.org>; Sat, 9 Apr 2022 03:40:35 -0700 (PDT)
Received: from [IPV6:2a02:3037:41a:1579:e54b:57c3:12bc:c949] ([IPv6:2a02:3037:41a:1579:e54b:57c3:12bc:c949]) (authenticated bits=0) by mailgw1.uni-kl.de (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id 239AeL8l164559 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 9 Apr 2022 12:40:29 +0200
Message-ID: <9f053530-9bdf-1530-3af6-68173af3d6d5@unix-ag.uni-kl.de>
Date: Sat, 09 Apr 2022 12:40:20 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
Content-Language: en-US
To: "touch@strayalpha.com" <touch@strayalpha.com>, "C. M. Heard" <heard@pobox.com>
Cc: TSVWG <tsvwg@ietf.org>
References: <20220408141318.GA32732@unix-ag.uni-kl.de> <CACL_3VGWdXziMzPzS900+-em=sc+0u1fxkH_skeBBUctJPx2XA@mail.gmail.com> <4FC16FAE-A98D-49E3-A5A1-E3959412CEA7@strayalpha.com> <CACL_3VEfP4HwbnGc4i_g+wmaQXJ34H2dC10tHMs-yQfsKi-RUg@mail.gmail.com> <0E681C1B-0CB2-4C66-BBA3-A7BE4B15B65A@strayalpha.com>
From: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
In-Reply-To: <0E681C1B-0CB2-4C66-BBA3-A7BE4B15B65A@strayalpha.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/_mEOcA8wvr_mhse17LuMaQ7Chzo>
Subject: Re: [tsvwg] Teredo Extensions vs. draft-ietf-tsvwg-udp-options-18
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Apr 2022 10:40:41 -0000

Hi,

On 09.04.22 01:42, touch@strayalpha.com wrote:
>> On Apr 8, 2022, at 4:16 PM, C. M. Heard <heard@pobox.com> wrote:
>> On Fri, Apr 8, 2022 at 3:42 PM Joe TOuch wrote:
>>>     In addition, Section 5.2.3 of [RFC4380] states:
>>>
>>>        An IPv6 packet is deemed valid if it conforms to [RFC2460]: the
>>>        protocol identifier should indicate an IPv6 packet and the payload
>>>        length should be consistent with the length of the UDP datagram in
>>>        which the packet is encapsulated.  In addition, the client should
>>>        check that the IPv6 destination address correspond [sic] to its
>>>        own Teredo address.
>>
>> I read that as implying UDP inside IPv6; there’s nothing in RFC2460 that establishes a relationship between IPv4 length and UDP length or between the protocol that encapsulates IPv6 (e.g., Ethernet or other link layers, or Teredo here) and the IPv6 length.
>>
>> So I’ll admit that one threw me...
>>
>> I'll admit that I had the same reaction on a quick read …
> 
> FWIW, RFC 2460 mentions UDP in only a few places. One notable one (Sec 8.1) clarifies explicitly that the pseudo header (used for UDP checkums) uses the transport length, not the IP length. So devices that do otherwise (as we’ve been talking) are in clear violation of this, if they do otherwise for IPv6 packets.
> 
> There is never a discussion of the layer in which the IPv6 packet resides. Thus I think our confusion is valid. I plan to issue an errata  to 4380 clarifying that this “conformance” isn’t specified in that RFC, and one for 6081 that clarifies it is equally irrelevant.
> 
> Unless anyone can suggest there’s a valid way to interpret the text in reference to 2460...

I concur that the text in RFC 4380 section 5.2.3 seems to be
a bit unclear.  I do not think it is wrong.

A possible interpretation could be that RFC 2460 (back then)
specified IPv6 and thus how to determine the length of the
encapsulated IPv6 packet.

This length needs to fit into the available space in the
encapsulating UDP datagram, possibly after subtracting the
space used by Teredo's Origin Indication and/or Authentication
encapsulations.

Since Teredo is explicitly an IPv6 over IPv4 tunneling
mechanism using IPv4+UDP for NAT Traversal, as opposed to a
generic UDP based tunneling mechanism, it seems likely that
an implementer would be able to come to this conclusion from
the existing description.

Thus I do not think that this warrants an errata report
against RFC 4380.

Best regards,
Erik

v2.23.0 | Report a Bug | By Email