Glad to find someone on the same boat ;) I just hope TAHI guys can
respond soon when I'm under the gun to get this precious logo :)
Thanks again.
Yinghui Yao
Subhendu Ghosh wrote:
> TAHI folks are on this list. I am sure they will respond.
>
> Others having this issue? Yes - I am.
>
> -regards
> Subhendu
>
> Yinghui Yao wrote:
>> I really appreciate your help.
>>
>> We are making a router which has our customized kernel which is
>> derived from KAME. Our behavior on RH0 is dropping the packet and
>> sending back ICMP. The failed tests are "IPv6 Specification: 56, 59,
>> 60, 63, 64, 65."
>>
>> Are TAHI folks on this mailing list? Or is there a separate list? I
>> want to ask them about the "100% pass policy" on this RFC 5095 case.
>> Any other guys out there having my problems?
>>
>> Thanks,
>> Yinghui Yao
>> Alcatel-Lucent
>>
>> Subhendu Ghosh wrote:
>>> It doesn't matter which kernel version fails or how it fails.
>>>
>>> It is more a question of policy with regards to existing non-beta
>>> test suite and RFC status.
>>>
>>> Self_Test_1_4_9 has been out for a while and RFC5095 has been out
>>> for a month.
>>>
>>> Does an intersection of Self_Test_1_4_9 and RFC5095 satisfy Logo
>>> requirements?
>>>
>>> Does an intersection of Self_Test_1_4_9 and CVE-2007-2242 satisfy
>>> Logo requirements?
>>>
>>> The consensus for the CVE workaround was to drop the RH0 packets
>>> with no action. RFC 5095 changes that consensus to require a ICMP
>>> parameter problem message.
>>>
>>> According to the statements from the TAHI folks after the CVE was
>>> issued, it seemed to indicate that Self_Test_1_4_9 as shipped had to
>>> be passed 100% unmodified for Logo requirements.
>>>
>>> -regards
>>> Subhendu Ghosh
>>>
>>> Karsten Keil wrote:
>>>> On Fri, Jan 25, 2008 at 08:56:30AM -0700, Yinghui Yao wrote:
>>>>> Hi,
>>>>>
>>>>> Can anyone please give me an answer for this?
>>>>>
>>>>
>>>> Which kernel do you use and which test do fail ?
>>>> Afaik here was a wrong securety fix in some kernel versions which
>>>> did disable RH0 handling completely, instead to send correct ICMP
>>>> messages.
>>>>
>>>>
>>>>> Thanks,
>>>>> Yinghui Yao
>>>>> Alcatel-Lucent
>>>>>
>>>>> Yinghui Yao wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Let's not talk about the beta program. I need to pass
>>>>>> Self_Test_1_4_9
>>>>>> and now our NUT is dropping the RH0 packet. Is that acceptable in
>>>>>> your
>>>>>> evaluation process or we have to modify our program to pass
>>>>>> "100%" of
>>>>>> your tests.
>>>>>>
>>>>>> Thanks,
>>>>>> Yinghui Yao
>>>>>> Alcatel-Lucent
>>>>>>
>>>>>> Hiroshi MIYATA wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> You know IPv6 Logo Program is planing to update the IPv6 core test
>>>>>>> specification.
>>>>>>> It was under public review.(until 3rd, Jan.)
>>>>>>> And RH0 is covered in the latest version under public review.
>>>>>>> Please visit here.
>>>>>>> http://www.ipv6ready.org/announcement/public_review20071204_p2core.html
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> And the test tool is compliant to this test test specification.
>>>>>>> http://www.tahi.org/logo/release/Self_Test_1-5-0b1.tgz
>>>>>>>
>>>>>>> Disabling RH0 is not mandated at this moment, but it is selectable.
>>>>>>> We may need some discussion on this.
>>>>>>> Although, the public review is over, if you have some comments
>>>>>>> about
>>>>>>> this, v6LC welcome your comments.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> ....miyata
>>>>>>>
>>>>>>> On 2008/01/02, at 12:22, sghosh@redhat.com wrote:
>>>>>>>
>>>>>>>
>>>>>>>> Self Test 1.5.0-b2 (beta)
>>>>>>>> Includes the some of the bits to see if Type0 should be
>>>>>>>> supported or
>>>>>>>> not.
>>>>>>>> See config.txt in the testsuite. RFC5095 was just published on
>>>>>>>> Standards Track
>>>>>>>> deprecating RH0 and specifying the required behavior. ICMP
>>>>>>>> Parameter
>>>>>>>> Problem is
>>>>>>>> now required. The testsuite could not be changed until the RFC was
>>>>>>>> published.
>>>>>>>>
>>>>>>>> The original fix for the CVE in some distributions like RHEL
>>>>>>>> was to
>>>>>>>> silently
>>>>>>>> drop the packet. That behavior needs to be updated.
>>>>>>>>
>>>>>>>> -regards
>>>>>>>> Subhendu Ghosh
>>>>>>>>
>>>>>>>>
>>>>>>>> Quoting Gui Jianfeng <guijianfeng@cn.fujitsu.com>:
>>>>>>>>
>>>>>>>>
>>>>>>>>> Who knows? :-)
>>>>>>>>>
>>>>>>>>> Gui Jianfeng 蜀咎%:
>>>>>>>>>
>>>>>>>>>> Hi all,
>>>>>>>>>> IPV6 routing header with type 0 doesn't support by latest linux
>>>>>>>>>> kernel any more,
>>>>>>>>>> but some of the IPV6 ct test cases are still based on routing
>>>>>>>>>> header of type 0.
>>>>>>>>>> I'd like to know, whether this kind of test cases will be
>>>>>>>>>> removed
>>>>>>>>>> or updated?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>> Gui Jianfeng
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>> Gui Jianfeng
>>>>>>>>> --------------------------------------------------
>>>>>>>>> Gui Jianfeng
>>>>>>>>> Development Dept.I
>>>>>>>>> Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST)
>>>>>>>>> 8/F., Civil Defense Building, No.189 Guangzhou Road,
>>>>>>>>> Nanjing, 210029, China
>>>>>>>>> TEL: +86+25-86630566-838
>>>>>>>>> COINS: 79955-838
>>>>>>>>> FAX: +86+25-83317685
>>>>>>>>> MAIL:guijianfeng@cn.fujitsu.com
>>>>>>>>> --------------------------------------------------
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>
>>>
>>
>>
>>
>