Date: Fri, 25 Jan 2008 18:40:56 -0500 From: Subhendu Ghosh <sghosh@redhat.com> Subject: [users:00492] Re: IPV6 routing header with type 0 doesn't support by latest kernel To: users@tahi.org Message-Id: <479A7388.20308@redhat.com> In-Reply-To: <479A5770.6050101@alcatel-lucent.com> References: <47746300.1020404@cn.fujitsu.com> <477851F3.9030402@cn.fujitsu.com> <20080101222240.r1dqh8wlc000gk4g@webmail.corp.redhat.com> <BDC75A1E-9BF3-4B92-9C17-0170BAB06005@tahi.org> <4797CE07.7050202@alcatel-lucent.com> <479A06AE.90004@alcatel-lucent.com> <20080125163725.GB14346@pingi.kke.suse.de> <479A35AE.9030602@redhat.com> <479A5770.6050101@alcatel-lucent.com> X-Mail-Count: 00492TAHI folks are on this list. I am sure they will respond. Others having this issue? Yes - I am. -regards Subhendu Yinghui Yao wrote: > I really appreciate your help. > > We are making a router which has our customized kernel which is derived > from KAME. Our behavior on RH0 is dropping the packet and sending back > ICMP. The failed tests are "IPv6 Specification: 56, 59, 60, 63, 64, 65." > > Are TAHI folks on this mailing list? Or is there a separate list? I want > to ask them about the "100% pass policy" on this RFC 5095 case. Any > other guys out there having my problems? > > Thanks, > Yinghui Yao > Alcatel-Lucent > > Subhendu Ghosh wrote: >> It doesn't matter which kernel version fails or how it fails. >> >> It is more a question of policy with regards to existing non-beta test >> suite and RFC status. >> >> Self_Test_1_4_9 has been out for a while and RFC5095 has been out for >> a month. >> >> Does an intersection of Self_Test_1_4_9 and RFC5095 satisfy Logo >> requirements? >> >> Does an intersection of Self_Test_1_4_9 and CVE-2007-2242 satisfy Logo >> requirements? >> >> The consensus for the CVE workaround was to drop the RH0 packets with >> no action. RFC 5095 changes that consensus to require a ICMP parameter >> problem message. >> >> According to the statements from the TAHI folks after the CVE was >> issued, it seemed to indicate that Self_Test_1_4_9 as shipped had to >> be passed 100% unmodified for Logo requirements. >> >> -regards >> Subhendu Ghosh >> >> Karsten Keil wrote: >>> On Fri, Jan 25, 2008 at 08:56:30AM -0700, Yinghui Yao wrote: >>>> Hi, >>>> >>>> Can anyone please give me an answer for this? >>>> >>> >>> Which kernel do you use and which test do fail ? >>> Afaik here was a wrong securety fix in some kernel versions which >>> did disable RH0 handling completely, instead to send correct ICMP >>> messages. >>> >>> >>>> Thanks, >>>> Yinghui Yao >>>> Alcatel-Lucent >>>> >>>> Yinghui Yao wrote: >>>>> Hi, >>>>> >>>>> Let's not talk about the beta program. I need to pass Self_Test_1_4_9 >>>>> and now our NUT is dropping the RH0 packet. Is that acceptable in your >>>>> evaluation process or we have to modify our program to pass "100%" of >>>>> your tests. >>>>> >>>>> Thanks, >>>>> Yinghui Yao >>>>> Alcatel-Lucent >>>>> >>>>> Hiroshi MIYATA wrote: >>>>> >>>>>> Hi all, >>>>>> >>>>>> You know IPv6 Logo Program is planing to update the IPv6 core test >>>>>> specification. >>>>>> It was under public review.(until 3rd, Jan.) >>>>>> And RH0 is covered in the latest version under public review. >>>>>> Please visit here. >>>>>> http://www.ipv6ready.org/announcement/public_review20071204_p2core.html >>>>>> >>>>>> >>>>>> >>>>>> And the test tool is compliant to this test test specification. >>>>>> http://www.tahi.org/logo/release/Self_Test_1-5-0b1.tgz >>>>>> >>>>>> Disabling RH0 is not mandated at this moment, but it is selectable. >>>>>> We may need some discussion on this. >>>>>> Although, the public review is over, if you have some comments about >>>>>> this, v6LC welcome your comments. >>>>>> >>>>>> Thanks, >>>>>> >>>>>> ....miyata >>>>>> >>>>>> On 2008/01/02, at 12:22, sghosh@redhat.com wrote: >>>>>> >>>>>> >>>>>>> Self Test 1.5.0-b2 (beta) >>>>>>> Includes the some of the bits to see if Type0 should be supported or >>>>>>> not. >>>>>>> See config.txt in the testsuite. RFC5095 was just published on >>>>>>> Standards Track >>>>>>> deprecating RH0 and specifying the required behavior. ICMP Parameter >>>>>>> Problem is >>>>>>> now required. The testsuite could not be changed until the RFC was >>>>>>> published. >>>>>>> >>>>>>> The original fix for the CVE in some distributions like RHEL was to >>>>>>> silently >>>>>>> drop the packet. That behavior needs to be updated. >>>>>>> >>>>>>> -regards >>>>>>> Subhendu Ghosh >>>>>>> >>>>>>> >>>>>>> Quoting Gui Jianfeng <guijianfeng@cn.fujitsu.com>: >>>>>>> >>>>>>> >>>>>>>> Who knows? :-) >>>>>>>> >>>>>>>> Gui Jianfeng 蜀咎%: >>>>>>>> >>>>>>>>> Hi all, >>>>>>>>> IPV6 routing header with type 0 doesn't support by latest linux >>>>>>>>> kernel any more, >>>>>>>>> but some of the IPV6 ct test cases are still based on routing >>>>>>>>> header of type 0. >>>>>>>>> I'd like to know, whether this kind of test cases will be removed >>>>>>>>> or updated? >>>>>>>>> >>>>>>>>> >>>>>>>>> Regards >>>>>>>>> Gui Jianfeng >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> >>>>>>>> Regards >>>>>>>> Gui Jianfeng >>>>>>>> -------------------------------------------------- >>>>>>>> Gui Jianfeng >>>>>>>> Development Dept.I >>>>>>>> Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST) >>>>>>>> 8/F., Civil Defense Building, No.189 Guangzhou Road, >>>>>>>> Nanjing, 210029, China >>>>>>>> TEL: +86+25-86630566-838 >>>>>>>> COINS: 79955-838 >>>>>>>> FAX: +86+25-83317685 >>>>>>>> MAIL:guijianfeng@cn.fujitsu.com >>>>>>>> -------------------------------------------------- >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>>> >>> >> > > >492_2.x-vcard (attatchment)(tag is disabled)