Re: [v6ops] [OPSEC] [IPv6] Why folks are blocking IPv6 extension headers? (Episode 1000 and counting) (Linux DoS)

Nick Buraglio <buraglio@forwardingplane.net> Thu, 18 May 2023 15:08 UTC

From: Nick Buraglio <buraglio@forwardingplane.net>
Date: Thu, 18 May 2023 10:06:33 -0500
Message-ID: <CAGB08_cBiQBrkHgNiog6r5KL4NBsppy5b_KQCyZ1_0WxOqWZmA@mail.gmail.com>
To: "Dale W. Carder" <dwcarder@es.net>
Cc: Tom Herbert <tom=40herbertland.com@dmarc.ietf.org>, Andrew Campling <andrew.campling@419.consulting>, Fernando Gont <fgont@si6networks.com>, V6 Ops List <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>, opsec WG <opsec@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/dW-jL94wb34ka_gq5c5AbaDQveo>

Thanks, Dale. 9098 was more what I was thinking. I don't believe I have
read that but will do so now.

nb

On Thu, May 18, 2023 at 10:03 AM Dale W. Carder <dwcarder@es.net> wrote:

> Thus spake Nick Buraglio (buraglio@forwardingplane.net) on Thu, May 18,
> 2023 at 09:49:21AM -0500:
> > Is there any document that details the current operational best practices
> > or explains the EH options and use cases in a succinct document?
>
> Sort of in RFC9098.  (Note there's also a lot of references in section 5
> also.)
>
> I've always thought that as an operational resource, RFC4890 did a
> phenomenal job, but I'm not as sure the guidance would be as clear cut
> for extension headers generally.
>
> Dale
>