Date: Fri, 25 Jan 2008 14:17:02 -0500 From: Subhendu Ghosh <sghosh@redhat.com> Subject: [users:00485] Re: IPV6 routing header with type 0 doesn't support by latest kernel To: users@tahi.org Message-Id: <479A35AE.9030602@redhat.com> In-Reply-To: <20080125163725.GB14346@pingi.kke.suse.de> References: <47746300.1020404@cn.fujitsu.com> <477851F3.9030402@cn.fujitsu.com> <20080101222240.r1dqh8wlc000gk4g@webmail.corp.redhat.com> <BDC75A1E-9BF3-4B92-9C17-0170BAB06005@tahi.org> <4797CE07.7050202@alcatel-lucent.com> <479A06AE.90004@alcatel-lucent.com> <20080125163725.GB14346@pingi.kke.suse.de> X-Mail-Count: 00485It doesn't matter which kernel version fails or how it fails. It is more a question of policy with regards to existing non-beta test suite and RFC status. Self_Test_1_4_9 has been out for a while and RFC5095 has been out for a month. Does an intersection of Self_Test_1_4_9 and RFC5095 satisfy Logo requirements? Does an intersection of Self_Test_1_4_9 and CVE-2007-2242 satisfy Logo requirements? The consensus for the CVE workaround was to drop the RH0 packets with no action. RFC 5095 changes that consensus to require a ICMP parameter problem message. According to the statements from the TAHI folks after the CVE was issued, it seemed to indicate that Self_Test_1_4_9 as shipped had to be passed 100% unmodified for Logo requirements. -regards Subhendu Ghosh Karsten Keil wrote: > On Fri, Jan 25, 2008 at 08:56:30AM -0700, Yinghui Yao wrote: >> Hi, >> >> Can anyone please give me an answer for this? >> > > Which kernel do you use and which test do fail ? > Afaik here was a wrong securety fix in some kernel versions which > did disable RH0 handling completely, instead to send correct ICMP > messages. > > >> Thanks, >> Yinghui Yao >> Alcatel-Lucent >> >> Yinghui Yao wrote: >>> Hi, >>> >>> Let's not talk about the beta program. I need to pass Self_Test_1_4_9 >>> and now our NUT is dropping the RH0 packet. Is that acceptable in your >>> evaluation process or we have to modify our program to pass "100%" of >>> your tests. >>> >>> Thanks, >>> Yinghui Yao >>> Alcatel-Lucent >>> >>> Hiroshi MIYATA wrote: >>> >>>> Hi all, >>>> >>>> You know IPv6 Logo Program is planing to update the IPv6 core test >>>> specification. >>>> It was under public review.(until 3rd, Jan.) >>>> And RH0 is covered in the latest version under public review. >>>> Please visit here. >>>> http://www.ipv6ready.org/announcement/public_review20071204_p2core.html >>>> >>>> >>>> And the test tool is compliant to this test test specification. >>>> http://www.tahi.org/logo/release/Self_Test_1-5-0b1.tgz >>>> >>>> Disabling RH0 is not mandated at this moment, but it is selectable. >>>> We may need some discussion on this. >>>> Although, the public review is over, if you have some comments about >>>> this, v6LC welcome your comments. >>>> >>>> Thanks, >>>> >>>> ....miyata >>>> >>>> On 2008/01/02, at 12:22, sghosh@redhat.com wrote: >>>> >>>> >>>>> Self Test 1.5.0-b2 (beta) >>>>> Includes the some of the bits to see if Type0 should be supported or >>>>> not. >>>>> See config.txt in the testsuite. RFC5095 was just published on >>>>> Standards Track >>>>> deprecating RH0 and specifying the required behavior. ICMP Parameter >>>>> Problem is >>>>> now required. The testsuite could not be changed until the RFC was >>>>> published. >>>>> >>>>> The original fix for the CVE in some distributions like RHEL was to >>>>> silently >>>>> drop the packet. That behavior needs to be updated. >>>>> >>>>> -regards >>>>> Subhendu Ghosh >>>>> >>>>> >>>>> Quoting Gui Jianfeng <guijianfeng@cn.fujitsu.com>: >>>>> >>>>> >>>>>> Who knows? :-) >>>>>> >>>>>> Gui Jianfeng 蜀咎%: >>>>>> >>>>>>> Hi all, >>>>>>> IPV6 routing header with type 0 doesn't support by latest linux >>>>>>> kernel any more, >>>>>>> but some of the IPV6 ct test cases are still based on routing >>>>>>> header of type 0. >>>>>>> I'd like to know, whether this kind of test cases will be removed >>>>>>> or updated? >>>>>>> >>>>>>> >>>>>>> Regards >>>>>>> Gui Jianfeng >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> -- >>>>>> >>>>>> >>>>>> Regards >>>>>> Gui Jianfeng >>>>>> -------------------------------------------------- >>>>>> Gui Jianfeng >>>>>> Development Dept.I >>>>>> Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST) >>>>>> 8/F., Civil Defense Building, No.189 Guangzhou Road, >>>>>> Nanjing, 210029, China >>>>>> TEL: +86+25-86630566-838 >>>>>> COINS: 79955-838 >>>>>> FAX: +86+25-83317685 >>>>>> MAIL:guijianfeng@cn.fujitsu.com >>>>>> -------------------------------------------------- >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>> >>> >485_2.x-vcard (attatchment)(tag is disabled)