hostRecvRedirect4OfflinkDC - Verifying Redirect (to a better router) vs. Destination Cache
Host only
TN                 NUT
----------------------
State: No neighbor cache entry (for R1, TN)
==== unsolicited RA ===>
    src=R1's link-local
    dst=all-node
    M=0, O=0
    RouterLifetime=0
    ReachableTime=0
    RetransTimer=0
==== unsolicited RA ===>
    src=TN's link-local
    dst=all-node
    M=0, O=0
    RouterLifetime=0
    ReachableTime=0
    RetransTimer=0
==== unsolicited RA ===>
    src=R1's link-local
    dst=all-node
    M=0, O=0
    RouterLifetime=600
    ReachableTime=0
    RetransTimer=0
    w/ SLLA
    Prefix Option:
        L=1, A=1
        ValidLifetime=2592000
        PreferredLifetime=604800
        Prefix=3ffe:501:ffff:100::/64
State: STALE (for R1), No neighbor cache entry (for TN)
==== solicited NA ===>
    src=R1's link-local
    dst=NUT's link-local
    R=1, S=1, O=1
    target=R1's link-local
    TLLA=R1's LLA
State: REACHABLE (for R1), No neighbor cache entry (for TN)
==== unsolicited RA ===>
    src=TN's link-local
    dst=all-node
    M=0, O=0
    RouterLifetime=600
    ReachableTime=0
    RetransTimer=0
    w/ SLLA
    Prefix Option:
        L=1, A=1
        ValidLifetime=2592000
        PreferredLifetime=604800
        Prefix=3ffe:501:ffff:100::/64
State: REACHABLE (for R1), STALE (for TN)
==== solicited NA ===>
    src=TN's link-local
    dst=NUT's link-local
    R=1, S=1, O=1
    target=TN's link-local
    TLLA=TN's LLA
State: REACHABLE (for R1, TN)
Wait (3 sec) for DAD NS
hostRecvRedirect4OfflinkDC verifies that a redirect message (ICMP Destination != ICMP Target) updates a Destination Cache entry.
TN                 NUT
----------------------
State: REACHABLE (for R1, TN)
==== echo-request ===>
    src=H1 (off-link global), prefix=3ffe:501:ffff:109::/64, but LLA is R1's one
    dst=NUT's global, prefix=3ffe:501:ffff:100::/64
<=== Judgment #1: echo-reply ====
    src=NUT's global, prefix=3ffe:501:ffff:100::/64
    dst=H1 (off-link global), prefix=3ffe:501:ffff:109::/64, but LLA is R1's one
==== redirect ===>
    valid redirect OR suspicious redirect OR invalid redirect
==== echo-request ===>
    src=H1 (off-link global), prefix=3ffe:501:ffff:109::/64, but LLA is R1's one
    dst=NUT's global, prefix=3ffe:501:ffff:100::/64
<=== echo-reply ====
    If the message is either valid or suspicious, NUT sends the echo-reply to TN (the better router):
        src=NUT's global, prefix=3ffe:501:ffff:100::/64
        dst=H1 (off-link global), prefix=3ffe:501:ffff:109::/64, but LLA is TN's one
    OR
    If the message is invalid, NUT sends the echo-reply to R1 (the default router):
        src=NUT's global, prefix=3ffe:501:ffff:100::/64
        dst=H1 (off-link global), prefix=3ffe:501:ffff:109::/64, but LLA is R1's one
1. NUT must send the echo-reply whose destination is off-link global to the default router, i.e. R1.
2. Valid redirect messages vs. Destination Cache
========================================================+=============+=======================
Valid redirect message that NUT receives                |Destination  | Expected packet
---------------------+-----------------+----------------+Cache        |
IP                   |ICMP             |Options         |for H1       |
----------+----------+----------+------+-----+----------+-------+-----+
Src       |Dst       |Target    |Dst   |TLLA |Redirected|Before |After|
==========+==========+==========+======+=====+==========+=======+=====+=======================
link-local|link-local|link-local|global|none |none      |R1     |TN   |echo-reply
(R1)      |(NUT)     |(TN)      |(H1)  |     |          |       |     | src=NUT's global
          |          |          |      |     |          |       |     | dst=H1's global
          |          |          |      |     |          |       |     | but, LLA is TN's
----------+----------+----------+------+-----+----------+-------+-----+-----------------------
-         |-         |-         |-     |none |exist     |R1     |TN   |echo-reply
          |          |          |      |     |          |       |     | src=NUT's global
          |          |          |      |     |          |       |     | dst=H1's global
          |          |          |      |     |          |       |     | but, LLA is TN's
----------+----------+----------+------+-----+----------+-------+-----+-----------------------
-         |-         |-         |-     |exist|none      |R1     |TN   |echo-reply
          |          |          |      |     |          |       |     | src=NUT's global
          |          |          |      |     |          |       |     | dst=H1's global
          |          |          |      |     |          |       |     | but, LLA is TN's
----------+----------+----------+------+-----+----------+-------+-----+-----------------------
-         |-         |-         |-     |exist|exist     |R1     |TN   |echo-reply
          |          |          |      |     |          |       |     | src=NUT's global
          |          |          |      |     |          |       |     | dst=H1's global
          |          |          |      |     |          |       |     | but, LLA is TN's
----------+----------+----------+------+-----+----------+-------+-----+-----------------------
-         |global    |-         |-     |none |none      |R1     |TN   |echo-reply
          |(NUT)     |          |      |     |          |       |     | src=NUT's global
          |          |          |      |     |          |       |     | dst=H1's global
          |          |          |      |     |          |       |     | but, LLA is TN's
----------+----------+----------+------+-----+----------+-------+-----+-----------------------
-         |-         |-         |-     |none |exist     |R1     |TN   |echo-reply
          |          |          |      |     |          |       |     | src=NUT's global
          |          |          |      |     |          |       |     | dst=H1's global
          |          |          |      |     |          |       |     | but, LLA is TN's
----------+----------+----------+------+-----+----------+-------+-----+-----------------------
-         |-         |-         |-     |exist|none      |R1     |TN   |echo-reply
          |          |          |      |     |          |       |     | src=NUT's global
          |          |          |      |     |          |       |     | dst=H1's global
          |          |          |      |     |          |       |     | but, LLA is TN's
----------+----------+----------+------+-----+----------+-------+-----+-----------------------
-         |-         |-         |-     |exist|exist     |R1     |TN   |echo-reply
          |          |          |      |     |          |       |     | src=NUT's global
          |          |          |      |     |          |       |     | dst=H1's global
          |          |          |      |     |          |       |     | but, LLA is TN's
==========+==========+==========+======+=====+==========+=======+=====+=======================
-: same as above
3. Suspicious redirect messages vs. Destination Cache
========================================================+============+========================
Suspicious redirect message that NUT receives           |Destination |Expected packet
---------------------+-----------------+----------------+Cache       |
IP                   |ICMP             |Options         |for H1      |
----------+----------+----------+------+-----+----------+------+-----+
Src       |Dst       |Target    |Dst   |TLLA |Redirected|Before|After|
==========+==========+==========+======+=====+==========+======+=====+========================
link-local|link-local|link-local|global|exist|exist     |R1    |TN   |echo-reply
(R1)      |(NUT)     |(TN)      |(H1)  |     |> 1280 and|      |     | src=NUT's global
          |          |          |      |     |bogus     |      |     | dst=H1's global
          |          |          |      |     |*susp.    |      |     | but, LLA is TN's
----------+----------+----------+------+-----+----------+------+-----+------------------------
-         |all-node  |-         |-     |exist|exist     |R1    |TN   |echo-reply
          |*susp.    |          |      |     |          |      |     | src=NUT's global
          |          |          |      |     |          |      |     | dst=H1's global
          |          |          |      |     |          |      |     | but, LLA is TN's
==========+==========+==========+======+=====+==========+======+=====+========================
-: same as above
4. Invalid redirect messages vs. Destination Cache
==============================================================+============+======================
Invalid redirect message that NUT receives                    |Destination |Expected packet
---------------------+----------------------------------------+Cache       |
IP                   |ICMP                                    |for H1      |
----------+----------+--------+----+--------+----------+------+------------+
Src       |Dst       |Hoplimit|Code|Checksum|Target    |Dst   |Before|After|
==========+==========+========+====+========+==========+======+======+=====+======================
global    |link-local|255     |0   |valid   |link-local|global|R1    |R1   |echo-reply
*invalid  |(NUT)     |        |    |        |(TN)      |(H1)  |      |     | src=NUT's global
          |          |        |    |        |          |      |      |     | dst=H1's global
          |          |        |    |        |          |      |      |     | but LLA is R1's
----------+----------+--------+----+--------+----------+------+------+-----+----------------------
bogus     |-         |-       |-   |-       |-         |-     |R1    |R1   |echo-reply
router's  |          |        |    |        |          |      |      |     | src=NUT's global
link-local|          |        |    |        |          |      |      |     | dst=H1's global
*invalid  |          |        |    |        |          |      |      |     | but LLA is R1's
----------+----------+--------+----+--------+----------+------+------+-----+----------------------
link-local|-         |!=255   |-   |-       |-         |-     |R1    |R1   |echo-reply
(R1)      |          |*invalid|    |        |          |      |      |     | src=NUT's global
          |          |        |    |        |          |      |      |     | dst=H1's global
          |          |        |    |        |          |      |      |     | but LLA is R1's
----------+----------+--------+----+--------+----------+------+------+-----+----------------------
-         |-         |255     |!=0 |-       |-         |-     |R1    |R1   |echo-reply
          |          |        |*inv|        |          |      |      |     | src=NUT's global
          |          |        |    |        |          |      |      |     | dst=H1's global
          |          |        |    |        |          |      |      |     | but LLA is R1's
----------+----------+--------+----+--------+----------+------+------+-----+----------------------
-         |-         |-       |0   |*invalid|-         |-     |R1    |R1   |echo-reply
          |          |        |    |        |          |      |      |     | src=NUT's global
          |          |        |    |        |          |      |      |     | dst=H1's global
          |          |        |    |        |          |      |      |     | but LLA is R1's
==========+==========+========+====+========+==========+======+======+=====+======================
-: same as above
Send RAs to clear the Default Router List:
- RA (src=R1) with RouterLifetime=0
- RA (src=TN) with RouterLifetime=0
Clear IPv6 routes by remote command. XXX
The test invokes the following command:
- Clear IPv6 routes
RFC2461
8.1. Validation of Redirect Messages
A host MUST silently discard any received Redirect message that does not satisfy all of the following validity checks:
- IP Source Address is a link-local address. Routers must use their link-local address as the source for Router Advertisement and Redirect messages so that hosts can uniquely identify routers.
- The IP Hop Limit field has a value of 255, i.e., the packet could not possibly have been forwarded by a router.
- If the message includes an IP Authentication Header, the message authenticates correctly.
- ICMP Checksum is valid.
- ICMP Code is 0.
- ICMP length (derived from the IP length) is 40 or more octets.
- The IP source address of the Redirect is the same as the current first-hop router for the specified ICMP Destination Address.
- The ICMP Destination Address field in the redirect message does not contain a multicast address.
- The ICMP Target Address is either a link-local address (when redirected to a router) or the same as the ICMP Destination Address (when redirected to the on-link destination).
- All included options have a length that is greater than zero.
8.3. Host Specification
A host receiving a valid redirect SHOULD update its Destination Cache accordingly so that subsequent traffic goes to the specified target. If no Destination Cache entry exists for the destination, an implementation SHOULD create such an entry.
If the redirect contains a Target Link-Layer Address option the host either creates or updates the Neighbor Cache entry for the target. In both cases the cached link-layer address is copied from the Target Link-Layer Address option. If a Neighbor Cache entry is created for the target its reachability state MUST be set to STALE as specified in Section 7.3.3. If a cache entry already existed and it is updated with a different link-layer address, its reachability state MUST also be set to STALE. If the link-layer address is the same as that already in the cache, the cache entry's state remains unchanged.
If the Target and Destination Addresses are the same, the host MUST treat the Target as on-link. If the Target Address is not the same as the Destination Address, the host MUST set IsRouter to TRUE for the target. If the Target and Destination Addresses are the same, however, one cannot reliably determine whether the Target Address is a router. Consequently, newly created Neighbor Cache entries should set the IsRouter flag to FALSE, while existing cache entries should leave the flag unchanged. If the Target is a router, subsequent Neighbor Advertisement or Router Advertisement messages will update IsRouter accordingly.
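The validity checks of section 8.1 and the Destination Cache update of section 8.3, as an added Python example that is not part of the test suite or of the RFC. It assumes the IP-layer fields (source, destination, Hop Limit) arrive alongside the raw ICMPv6 bytes, models the Destination Cache as a dict, and omits the Authentication Header check and the default-router fallback; all function names are hypothetical.

```python
import struct
from ipaddress import IPv6Address as IP6

def icmp6_checksum(src, dst, icmp):
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    data = IP6(src).packed + IP6(dst).packed + struct.pack("!I3xB", len(icmp), 58) + icmp
    data += b"\0" * (len(data) % 2)  # pad to a whole number of 16-bit words
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_redirect(src, dst, target, dest, code=0, options=b""):
    """Build constructed sample input: a type-137 Redirect with a correct checksum."""
    body = struct.pack("!BBHI", 137, code, 0, 0) + IP6(target).packed + IP6(dest).packed + options
    return body[:2] + struct.pack("!H", icmp6_checksum(src, dst, body)) + body[4:]

def discard_reason(src, dst, hop_limit, icmp, dest_cache):
    """Return None if the Redirect passes the 8.1 checks (AH check omitted), else the failed check."""
    if not IP6(src).is_link_local:
        return "source not link-local"
    if hop_limit != 255:
        return "hop limit != 255"
    if len(icmp) < 40:
        return "ICMP length < 40"
    if icmp6_checksum(src, dst, icmp) != 0:  # a correct message sums to zero
        return "bad checksum"
    if icmp[1] != 0:
        return "code != 0"
    target, dest = IP6(icmp[8:24]), IP6(icmp[24:40])
    if dest_cache.get(dest) != IP6(src):  # simplification: no default-router fallback
        return "not from current first hop"
    if dest.is_multicast:
        return "multicast ICMP destination"
    if not (target.is_link_local or target == dest):
        return "bad target"
    off = 40
    while off + 2 <= len(icmp):  # options are TLVs, length in units of 8 octets
        if icmp[off + 1] == 0:
            return "option length 0"
        off += 8 * icmp[off + 1]
    return None

def handle_redirect(src, dst, hop_limit, icmp, dest_cache):
    """Update the Destination Cache only for a valid Redirect; otherwise discard."""
    reason = discard_reason(src, dst, hop_limit, icmp, dest_cache)
    if reason is None:
        dest_cache[IP6(icmp[24:40])] = IP6(icmp[8:24])
    return reason
```

With a cache entry mapping H1 to R1, a Redirect from R1 naming TN as target moves the entry to TN, while the invalid cases in the table above (global source, a link-local that is not the current first hop, Hop Limit other than 255, non-zero Code, bad checksum) leave it at R1.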
perldoc V6evalTool
perldoc V6evalRemote