Hi, Yinghui.
Supporting RFC 5095 is under preparation by IPv6 Ready Program.
Only what TAHI tester can do is just following that specification.
If you need LOGO immediately,
submitting the current results including FAIL with your reason of omission
can be one of the solutions.
Becaus RFC 5095 is well-known security fix, your result may accept by examinor.
In this case, when you get LOGO,
some texts will be added at approved list
in order to describe applicant didn't have 100% PASS.
Otherwise, please wait for their official release.
The importance is not only ignoring RH0, but also sending back ICMP error.
v1.4.9 doesn't have verifying ICMP error,
so it is better way to prepare v1.4.9 and v1.5.0b2 results,
if you try short path to get the LOGO.
Thanks,
On Fri, 25 Jan 2008 14:55:40 -0700
Yinghui Yao <Yinghui.Yao@alcatel-lucent.com> wrote:
> Could you answer my question on RH0? Do I need to pass 100% on these RH0
> test cases in Self_Test_1.4.9?
>
> Thanks,
> Yinghui Yao
> Alcatel-Lucent
>
>
On Fri, 25 Jan 2008 14:41:04 -0700
Yinghui Yao <Yinghui.Yao@alcatel-lucent.com> wrote:
> I really appreciate your help.
>
> We are making a router which has our customized kernel which is derived
> from KAME. Our behavior on RH0 is dropping the packet and sending back
> ICMP. The failed tests are "IPv6 Specification: 56, 59, 60, 63, 64, 65."
>
> Are TAHI folks on this mailing list? Or is there a separate list? I want
> to ask them about the "100% pass policy" on this RFC 5095 case. Any
> other guys out there having my problems?
>
> Thanks,
> Yinghui Yao
> Alcatel-Lucent
>
> Subhendu Ghosh wrote:
> > It doesn't matter which kernel version fails or how it fails.
> >
> > It is more a question of policy with regards to existing non-beta test
> > suite and RFC status.
> >
> > Self_Test_1_4_9 has been out for a while and RFC5095 has been out for
> > a month.
> >
> > Does an intersection of Self_Test_1_4_9 and RFC5095 satisfy Logo
> > requirements?
> >
> > Does an intersection of Self_Test_1_4_9 and CVE-2007-2242 satisfy Logo
> > requirements?
> >
> > The consensus for the CVE workaround was to drop the RH0 packets with
> > no action. RFC 5095 changes that consensus to require a ICMP parameter
> > problem message.
> >
> > According to the statements from the TAHI folks after the CVE was
> > issued, it seemed to indicate that Self_Test_1_4_9 as shipped had to
> > be passed 100% unmodified for Logo requirements.
> >
> > -regards
> > Subhendu Ghosh
> >
> > Karsten Keil wrote:
> >> On Fri, Jan 25, 2008 at 08:56:30AM -0700, Yinghui Yao wrote:
> >>> Hi,
> >>>
> >>> Can anyone please give me an answer for this?
> >>>
> >>
> >> Which kernel do you use and which test do fail ?
> >> Afaik here was a wrong securety fix in some kernel versions which
> >> did disable RH0 handling completely, instead to send correct ICMP
> >> messages.
> >>
> >>
> >>> Thanks,
> >>> Yinghui Yao
> >>> Alcatel-Lucent
> >>>
> >>> Yinghui Yao wrote:
> >>>> Hi,
> >>>>
> >>>> Let's not talk about the beta program. I need to pass Self_Test_1_4_9
> >>>> and now our NUT is dropping the RH0 packet. Is that acceptable in your
> >>>> evaluation process or we have to modify our program to pass "100%" of
> >>>> your tests.
> >>>>
> >>>> Thanks,
> >>>> Yinghui Yao
> >>>> Alcatel-Lucent
> >>>>
> >>>> Hiroshi MIYATA wrote:
> >>>>
> >>>>> Hi all,
> >>>>>
> >>>>> You know IPv6 Logo Program is planing to update the IPv6 core test
> >>>>> specification.
> >>>>> It was under public review.(until 3rd, Jan.)
> >>>>> And RH0 is covered in the latest version under public review.
> >>>>> Please visit here.
> >>>>> http://www.ipv6ready.org/announcement/public_review20071204_p2core.html
> >>>>>
> >>>>>
> >>>>>
> >>>>> And the test tool is compliant to this test test specification.
> >>>>> http://www.tahi.org/logo/release/Self_Test_1-5-0b1.tgz
> >>>>>
> >>>>> Disabling RH0 is not mandated at this moment, but it is selectable.
> >>>>> We may need some discussion on this.
> >>>>> Although, the public review is over, if you have some comments about
> >>>>> this, v6LC welcome your comments.
> >>>>>
> >>>>> Thanks,
> >>>>>
> >>>>> ....miyata
> >>>>>
> >>>>> On 2008/01/02, at 12:22, sghosh@redhat.com wrote:
> >>>>>
> >>>>>
> >>>>>> Self Test 1.5.0-b2 (beta)
> >>>>>> Includes the some of the bits to see if Type0 should be supported or
> >>>>>> not.
> >>>>>> See config.txt in the testsuite. RFC5095 was just published on
> >>>>>> Standards Track
> >>>>>> deprecating RH0 and specifying the required behavior. ICMP Parameter
> >>>>>> Problem is
> >>>>>> now required. The testsuite could not be changed until the RFC was
> >>>>>> published.
> >>>>>>
> >>>>>> The original fix for the CVE in some distributions like RHEL was to
> >>>>>> silently
> >>>>>> drop the packet. That behavior needs to be updated.
> >>>>>>
> >>>>>> -regards
> >>>>>> Subhendu Ghosh
> >>>>>>
> >>>>>>
> >>>>>> Quoting Gui Jianfeng <guijianfeng@cn.fujitsu.com>:
> >>>>>>
> >>>>>>
> >>>>>>> Who knows? :-)
> >>>>>>>
> >>>>>>> Gui Jianfeng 写道:
> >>>>>>>
> >>>>>>>> Hi all,
> >>>>>>>> IPV6 routing header with type 0 doesn't support by latest linux
> >>>>>>>> kernel any more,
> >>>>>>>> but some of the IPV6 ct test cases are still based on routing
> >>>>>>>> header of type 0.
> >>>>>>>> I'd like to know, whether this kind of test cases will be removed
> >>>>>>>> or updated?
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> Regards
> >>>>>>>> Gui Jianfeng
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>> --
> >>>>>>>
> >>>>>>>
> >>>>>>> Regards
> >>>>>>> Gui Jianfeng
> >>>>>>> --------------------------------------------------
> >>>>>>> Gui Jianfeng
> >>>>>>> Development Dept.I
> >>>>>>> Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST)
> >>>>>>> 8/F., Civil Defense Building, No.189 Guangzhou Road,
> >>>>>>> Nanjing, 210029, China
> >>>>>>> TEL: +86+25-86630566-838
> >>>>>>> COINS: 79955-838
> >>>>>>> FAX: +86+25-83317685
> >>>>>>> MAIL:guijianfeng@cn.fujitsu.com
> >>>>>>> --------------------------------------------------
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>>
> >>
> >
>
>
>
------------------------------------------------------------------------
Yukiyo Akisada <akisada@tahi.org>