Article 486 at 08/01/26 06:41:07 From: Yinghui.Yao@alcatel-lucent.com Subject: [users:00486] Re: IPV6 routing header with type 0 doesn't support by latest kernel

Index: [Article Count Order] [Thread]
Date: Fri, 25 Jan 2008 14:41:04 -0700
From: Yinghui Yao <Yinghui.Yao@alcatel-lucent.com>
Subject: [users:00486] Re: IPV6 routing header with type 0 doesn't support by latest kernel
To: users@tahi.org
Message-Id: <479A5770.6050101@alcatel-lucent.com>
In-Reply-To: <479A35AE.9030602@redhat.com>
References: <47746300.1020404@cn.fujitsu.com> <477851F3.9030402@cn.fujitsu.com> <20080101222240.r1dqh8wlc000gk4g@webmail.corp.redhat.com> <BDC75A1E-9BF3-4B92-9C17-0170BAB06005@tahi.org> <4797CE07.7050202@alcatel-lucent.com> <479A06AE.90004@alcatel-lucent.com> <20080125163725.GB14346@pingi.kke.suse.de> <479A35AE.9030602@redhat.com>
X-Mail-Count: 00486

I really appreciate your help.

We are making a router which has our customized kernel which is derived 
from KAME. Our behavior on RH0 is dropping the packet and sending back 
ICMP. The failed tests are "IPv6 Specification: 56, 59, 60, 63, 64, 65."

Are TAHI folks on this mailing list? Or is there a separate list? I want 
to ask them about the "100% pass policy" on this RFC 5095 case. Any 
other guys out there having my problems?

Thanks,
Yinghui Yao
Alcatel-Lucent

Subhendu Ghosh wrote:
> It doesn't matter which kernel version fails or how it fails.
>
> It is more a question of policy with regards to existing non-beta test 
> suite and RFC status.
>
> Self_Test_1_4_9 has been out for a while and RFC5095 has been out for 
> a month.
>
> Does an intersection of Self_Test_1_4_9 and RFC5095 satisfy Logo 
> requirements?
>
> Does an intersection of Self_Test_1_4_9 and CVE-2007-2242 satisfy Logo 
> requirements?
>
> The consensus for the CVE workaround was to drop the RH0 packets with 
> no action. RFC 5095 changes that consensus to require a ICMP parameter 
> problem message.
>
> According to the statements from the TAHI folks after the CVE was 
> issued, it seemed to indicate that Self_Test_1_4_9 as shipped had to 
> be passed 100% unmodified for Logo requirements.
>
> -regards
> Subhendu Ghosh
>
> Karsten Keil wrote:
>> On Fri, Jan 25, 2008 at 08:56:30AM -0700, Yinghui Yao wrote:
>>> Hi,
>>>
>>> Can anyone please give me an answer for this?
>>>
>>
>> Which kernel do you use and which test do fail ?
>> Afaik here was a wrong securety fix in some kernel versions which
>> did disable RH0 handling completely, instead to send correct ICMP
>> messages.
>>
>>
>>> Thanks,
>>> Yinghui Yao
>>> Alcatel-Lucent
>>>
>>> Yinghui Yao wrote:
>>>> Hi,
>>>>
>>>> Let's not talk about the beta program. I need to pass Self_Test_1_4_9
>>>> and now our NUT is dropping the RH0 packet. Is that acceptable in your
>>>> evaluation process or we have to modify our program to pass "100%" of
>>>> your tests.
>>>>
>>>> Thanks,
>>>> Yinghui Yao
>>>> Alcatel-Lucent
>>>>
>>>> Hiroshi MIYATA wrote:
>>>>  
>>>>> Hi all,
>>>>>
>>>>> You know IPv6 Logo Program is planing to update the IPv6 core test
>>>>> specification.
>>>>> It was under public review.(until 3rd, Jan.)
>>>>> And RH0 is covered in the latest version under public review.
>>>>> Please visit here.
>>>>> http://www.ipv6ready.org/announcement/public_review20071204_p2core.html 
>>>>>
>>>>>
>>>>>
>>>>> And the test tool is compliant to this test test specification.
>>>>> http://www.tahi.org/logo/release/Self_Test_1-5-0b1.tgz
>>>>>
>>>>> Disabling RH0 is not mandated at this moment, but it is selectable.
>>>>> We may need some discussion on this.
>>>>> Although, the public review is over, if you have some comments about
>>>>> this, v6LC welcome your comments.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> ....miyata
>>>>>
>>>>> On 2008/01/02, at 12:22, sghosh@redhat.com wrote:
>>>>>
>>>>>    
>>>>>> Self Test 1.5.0-b2 (beta)
>>>>>> Includes the some of the bits to see if Type0 should be supported or
>>>>>> not.
>>>>>> See config.txt in the testsuite. RFC5095 was just published on
>>>>>> Standards Track
>>>>>> deprecating RH0 and specifying the required behavior. ICMP Parameter
>>>>>> Problem is
>>>>>> now required. The testsuite could not be changed until the RFC was
>>>>>> published.
>>>>>>
>>>>>> The original fix for the CVE in some distributions like RHEL was to
>>>>>> silently
>>>>>> drop the packet. That behavior needs to be updated.
>>>>>>
>>>>>> -regards
>>>>>> Subhendu Ghosh
>>>>>>
>>>>>>
>>>>>> Quoting Gui Jianfeng <guijianfeng@cn.fujitsu.com>:
>>>>>>
>>>>>>      
>>>>>>> Who knows? :-)
>>>>>>>
>>>>>>> Gui Jianfeng 蜀咎％:
>>>>>>>        
>>>>>>>> Hi all,
>>>>>>>> IPV6 routing header with type 0 doesn't support by latest linux
>>>>>>>> kernel any more,
>>>>>>>> but some of the IPV6 ct test cases are still based on routing
>>>>>>>> header of type 0.
>>>>>>>> I'd like to know, whether this kind of test cases will be removed
>>>>>>>> or updated?
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> Gui Jianfeng
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>           
>>>>>>> -- 
>>>>>>>
>>>>>>>
>>>>>>> Regards
>>>>>>> Gui Jianfeng
>>>>>>> --------------------------------------------------
>>>>>>> Gui Jianfeng
>>>>>>> Development Dept.I
>>>>>>> Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST)
>>>>>>> 8/F., Civil Defense Building, No.189 Guangzhou Road,
>>>>>>> Nanjing, 210029, China
>>>>>>> TEL: +86+25-86630566-838
>>>>>>> COINS: 79955-838
>>>>>>> FAX: +86+25-83317685
>>>>>>> MAIL:guijianfeng@cn.fujitsu.com
>>>>>>> --------------------------------------------------
>>>>>>>
>>>>>>>
>>>>>>>         
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>       
>>>>>     
>>>>
>>>>   
>>
>