draft-ietf-6man-icmp-limits-01.txt   draft-ietf-6man-icmp-limits-02.txt 
INTERNET-DRAFT T. Herbert INTERNET-DRAFT T. Herbert
Intended Status: Standard Quantonium Intended Status: Standard Quantonium
Expires: November 2019 Expires: November 2019
May 1, 2019 May 23, 2019
ICMPv6 errors for discarding packets due to processing limits ICMPv6 errors for discarding packets due to processing limits
draft-ietf-6man-icmp-limits-01 draft-ietf-6man-icmp-limits-02
Abstract Abstract
Network nodes may discard packets if they are unable to process Network nodes may discard packets if they are unable to process
protocol headers of packets due to processing constraints or limits. protocol headers of packets due to processing constraints or limits.
When such packets are dropped, the sender receives no indication so When such packets are dropped, the sender receives no indication so
it cannot take action to address the cause of discarded packets. This it cannot take action to address the cause of discarded packets. This
document defines ICMPv6 errors that can be sent by a node that document defines ICMPv6 errors that can be sent by a node that
discards packets because it is unable to process the protocol discards packets because it is unable to process the protocol
headers. A node that receives such an ICMPv6 error may be able to headers. A node that receives such an ICMPv6 error may be able to
skipping to change at page 2, line 27 skipping to change at page 2, line 27
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1 Extension header limits . . . . . . . . . . . . . . . . . . 3 1.1 Extension header limits . . . . . . . . . . . . . . . . . . 3
1.2 Aggregate header limits . . . . . . . . . . . . . . . . . . 4 1.2 Aggregate header limits . . . . . . . . . . . . . . . . . . 4
2 ICMPv6 errors for extension header limits . . . . . . . . . . . 4 2 ICMPv6 errors for extension header limits . . . . . . . . . . . 4
2.1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.2 Unrecognized Next Header type encountered (code 1) . . . . . 5 2.2 Unrecognized Next Header type encountered (code 1) . . . . . 5
2.3 Extension header too big (code 4) . . . . . . . . . . . . . 5 2.3 Extension header too big (code 4) . . . . . . . . . . . . . 5
2.4 Extension header chain too long (code 5) . . . . . . . . . . 6 2.4 Extension header chain too long (code 5) . . . . . . . . . . 6
2.5 Too many options in extension header (code 6) . . . . . . . 6 2.5 Too many options in extension header (code 6) . . . . . . . 6
3 ICMPv6 error for aggregate header limits . . . . . . . . . . . 6 2.6 Option too big (code 7) . . . . . . . . . . . . . . . . . . 6
3.1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3 ICMPv6 error for aggregate header limits . . . . . . . . . . . 7
3.2 Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3.1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.2 Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
4 Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 4 Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
4.1 Priority of reporting . . . . . . . . . . . . . . . . . . . 8 4.1 Priority of reporting . . . . . . . . . . . . . . . . . . . 8
4.2 Host response . . . . . . . . . . . . . . . . . . . . . . . 8 4.2 Host response . . . . . . . . . . . . . . . . . . . . . . . 9
5 Security Considerations . . . . . . . . . . . . . . . . . . . . 9 5 Security Considerations . . . . . . . . . . . . . . . . . . . . 10
6 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 10 6 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 11
6.1 Parameter Problem codes . . . . . . . . . . . . . . . . . . 10 6.1 Parameter Problem codes . . . . . . . . . . . . . . . . . . 11
6.2 Destination Unreachable codes . . . . . . . . . . . . . . . 10 6.2 Destination Unreachable codes . . . . . . . . . . . . . . . 11
7 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 10 7 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 11
8 References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 8 References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
8.1 Normative References . . . . . . . . . . . . . . . . . . . 10 8.1 Normative References . . . . . . . . . . . . . . . . . . . 11
8.2 Informative References . . . . . . . . . . . . . . . . . . 11 8.2 Informative References . . . . . . . . . . . . . . . . . . 12
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 11 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 12
1 Introduction 1 Introduction
This document specifies ICMPv6 errors that can be sent when a node This document specifies ICMPv6 errors that can be sent when a node
discards a packet due to it being unable to process the necessary discards a packet due to it being unable to process the necessary
protocol headers because of processing constraints or limits. New protocol headers because of processing constraints or limits. New
ICMPv6 code points are defined as an update to [RFC4443]. Four of the ICMPv6 code points are defined as an update to [RFC4443]. Five of the
errors are specific to processing limits of extension headers; errors are specific to processing limits of extension headers;
another error is used when the aggregate protocol headers in a packet another error is used when the aggregate protocol headers in a packet
exceed the processing limits of a node. exceed the processing limits of a node.
1.1 Extension header limits 1.1 Extension header limits
In IPv6, optional internet-layer information is carried in one or In IPv6, optional internet-layer information is carried in one or
more IPv6 Extension Headers [RFC8200]. Extension Headers are placed more IPv6 Extension Headers [RFC8200]. Extension Headers are placed
between the IPv6 header and the Upper-Layer Header in a packet. The between the IPv6 header and the Upper-Layer Header in a packet. The
term "Header Chain" refers collectively to the IPv6 header, Extension term "Header Chain" refers collectively to the IPv6 header, Extension
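Review bot: In the Introduction, "Five of the errors are specific to processing limits of extension headers" follows directly after "New ICMPv6 code points are defined", so it reads as five new code points. Only codes 4 to 7 are requested from IANA; code 1 is the existing code whose applicability is extended. Suggest wording such as "Five of the errors (four new codes and one existing code)" so the count agrees with Section 1.1 and Section 6.1.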
skipping to change at page 4, line 5 skipping to change at page 4, line 5
Denial of Service attack of extension headers-- many devices impose Denial of Service attack of extension headers-- many devices impose
operational limits on extension headers in packets they process. operational limits on extension headers in packets they process.
[RFC7045] discusses the requirements of intermediate nodes that [RFC7045] discusses the requirements of intermediate nodes that
discard packets because of unrecognized extension headers. [RFC8504] discard packets because of unrecognized extension headers. [RFC8504]
discusses limits that may be applied on the number of options in Hop- discusses limits that may be applied on the number of options in Hop-
by-Hop or Destination Options extension headers. When a limit is by-Hop or Destination Options extension headers. When a limit is
exceeded, the typical behavior is to silently discard a packet. Both exceeded, the typical behavior is to silently discard a packet. Both
intermediate nodes and end hosts may institute limits on extension intermediate nodes and end hosts may institute limits on extension
header processing. header processing.
This document defines three Parameter Problem codes and extends the This document defines four Parameter Problem codes and extends the
applicably of an existing code that may be sent by a node that applicably of an existing code that may be sent by a node that
discards a packet due to processing limits of extension headers being discards a packet due to processing limits of extension headers being
exceeded. A source host that receives an ICMPv6 error can modify its exceeded. A source host that receives an ICMPv6 error can modify its
use of extension headers in subsequent packets sent to the use of extension headers in subsequent packets sent to the
destination in order to avoid further occurrences of packets being destination in order to avoid further occurrences of packets being
discarded. discarded.
1.2 Aggregate header limits 1.2 Aggregate header limits
Many hardware devices implement a parsing buffer of a fixed sized to Many hardware devices implement a parsing buffer of a fixed sized to
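Review bot: The sentence in Section 1.1 that was touched to change "three" to "four" still reads "extends the applicably of an existing code"; this should be "applicability". Naming the existing code there (code 1, "Unrecognized Next Header type encountered") would save the reader a lookup. The unchanged first line of 1.2, "a parsing buffer of a fixed sized", also wants "fixed size".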
skipping to change at page 5, line 19 skipping to change at page 5, line 19
ICMPv6 Fields: ICMPv6 Fields:
Type Type
4 (Parameter Problem type) 4 (Parameter Problem type)
Code (pertinent to this specification) Code (pertinent to this specification)
1 - Unrecognized Next Header type encountered 1 - Unrecognized Next Header type encountered
4 - Extension header too big 4 - Extension header too big
5 - Extension header chain too long 5 - Extension header chain too long
6 - Too many options in extension header 6 - Too many options in extension header
7 - Option too big
Pointer Pointer
Identifies the octet offset within the invoking packet where Identifies the octet offset within the invoking packet where
the problem occurred. the problem occurred.
The pointer will point beyond the end of the ICMPv6 packet if The pointer will point beyond the end of the ICMPv6 packet if
the field having a problem is beyond what can fit in the the field having a problem is beyond what can fit in the
maximum size of an ICMPv6 error message. maximum size of an ICMPv6 error message.
2.2 Unrecognized Next Header type encountered (code 1) 2.2 Unrecognized Next Header type encountered (code 1)
skipping to change at page 6, line 32 skipping to change at page 6, line 33
2.5 Too many options in extension header (code 6) 2.5 Too many options in extension header (code 6)
An ICMPv6 Parameter Problem with code for "too many options in An ICMPv6 Parameter Problem with code for "too many options in
extension header" SHOULD be sent when a node discards a packet with extension header" SHOULD be sent when a node discards a packet with
an extension header that has a number of options that exceed the an extension header that has a number of options that exceed the
processing limits of the node. This code is applicable for processing limits of the node. This code is applicable for
Destination options and Hop-by-Hop options. The ICMPv6 Pointer field Destination options and Hop-by-Hop options. The ICMPv6 Pointer field
is set to the first octet of the first option that exceeds the limit. is set to the first octet of the first option that exceeds the limit.
2.6 Option too big (code 7)
An ICMPv6 Parameter Problem with code for "option too big" is sent in
two different cases: when the length of an individual option exceeds
a limit, or when the length or number of consecutive padding options
exceeds a limit.
If a packet is discarded because the length of a Hop-by-Hop or
Destination option exceeds a processing limit, a node SHOULD send an
ICMPv6 Parameter Problem with code equal to 7. The ICMPv6 Pointer
field is set to the offset of the first octet in the option that
exceeds the limit.
If a packet is discarded because the length or number of consecutive
padding options (PAD1 and PADN) exceeds a limit, a node SHOULD send
and an ICMPv6 Parameter Problem with code equal to 7. The ICMPv6
Pointer field is set to the offset of first octet of the padding
option that exceeds the limit.
Possible limits related to padding include:
* The number of consecutive PAD1 options in destination options or
hop-by-hop options is limited to seven octets [RFC8504].
* The length of a PADN options in destination options or hop-by-
hop options is limited seven octets [RFC8504].
* The aggregate length of a set of consecutive PAD1 or PADN
options in destination options or hop-by-hop options is limited
to seven octets.
3 ICMPv6 error for aggregate header limits 3 ICMPv6 error for aggregate header limits
One code is defined for Destination Unreachable type for aggregate One code is defined for Destination Unreachable type for aggregate
header limits. header limits.
3.1 Format 3.1 Format
The error for aggregate header limits employs a multi-part ICMPv6 The error for aggregate header limits employs a multi-part ICMPv6
message format as defined in [RFC4884]. The extended structure message format as defined in [RFC4884]. The extended structure
contains a pointer to the octet beyond the limit. contains a pointer to the octet beyond the limit.
The format of the ICMPv6 message for an aggregate header limit The format of the ICMPv6 message for an aggregate header limit
exceeded is: exceeded is:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum | | Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| unused | Length | unused | | unused | Length | unused |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Internet Header + leading octets of original datagram | | Internet Header + leading octets of original datagram |
| | | |
| // | | // |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Pointer | | Pointer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
IPv6 Fields: IPv6 Fields:
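Review bot: New Section 2.6 uses code 7 for two cases (an oversized option, and excessive padding) that Section 4.1 ranks as separate priorities, but the message gives the receiver only the Pointer to tell them apart. Either state that the receiver distinguishes the cases by whether the Pointer lands on a PAD1/PADN option, or assign separate codes. Wording points in the same section: the opening sentence says the error "is sent" while the next two paragraphs use SHOULD; "a node SHOULD send and an ICMPv6 Parameter Problem" has a stray "and"; the first bullet expresses a number of PAD1 options in octets; "The length of a PADN options ... is limited seven octets" needs "option" and "limited to"; and the third bullet gives a seven-octet aggregate limit without the [RFC8504] citation the first two carry.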
skipping to change at page 8, line 24 skipping to change at page 8, line 51
For instance, the number of extension headers in a packet might For instance, the number of extension headers in a packet might
exceed a limit and the aggregate length of protocol headers might exceed a limit and the aggregate length of protocol headers might
also exceed a limit. Only one ICMPv6 error SHOULD be sent for a also exceed a limit. Only one ICMPv6 error SHOULD be sent for a
packet, so a priority is defined to determine which error to report. packet, so a priority is defined to determine which error to report.
The RECOMMENDED reporting priority of ICMPv6 errors for processing The RECOMMENDED reporting priority of ICMPv6 errors for processing
limits is from highest to lowest priority: limits is from highest to lowest priority:
1) Real error (existing codes) 1) Real error (existing codes)
2) Unrecognized Next Header type encountered by an intermediate 2) "Unrecognized Next Header type" encountered by an intermediate
node node
3) Too many options in an extension header 3) "Extension header too big"
4) Extension header too big 4) "Option too big" for length or number of consecutive padding
options exceeding a limit
5) Extension header chain too long for number of extension headers 5) "Option too big" for the length of an option exceeding a limit
exceeding a limit
6) Extension header chain too long for size of the extension 6) "Too many options in an extension header"
7) "Extension header chain too long" for number of extension
headers exceeding a limit
8) "Extension header chain too long" for size of the extension
header chain exceeding a limit header chain exceeding a limit
7) Headers too long 9) "Headers too long"
4.2 Host response 4.2 Host response
When a source host receives an ICMPv6 error for a processing limit When a source host receives an ICMPv6 error for a processing limit
being exceeded, it SHOULD verify the ICMPv6 error is valid and take being exceeded, it SHOULD verify the ICMPv6 error is valid and take
an appropriate action. an appropriate action.
The ICMPv6 error SHOULD be logged with sufficient detail for The ICMPv6 error SHOULD be logged with sufficient detail for
debugging packet loss. The details of the error, including the debugging packet loss. The details of the error, including the
addresses and the offending extension header or data, should be addresses and the offending extension header or data, should be
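Review bot: The reordered list in Section 4.1 moves "Too many options in an extension header" from priority 3 to priority 6, below "Extension header too big" and both "Option too big" cases, and the text gives no rationale for the new order; a sentence stating the ordering principle would let implementers apply it consistently. Now that the entries are quoted, they should match the code names in Section 2.1 exactly: the list has "Too many options in an extension header" and "Unrecognized Next Header type", while the codes are "Too many options in extension header" and "Unrecognized Next Header type encountered". Items 4/5 and 7/8 each split one code into two priorities; since the same code is sent either way, it is worth saying that the priority there only decides which offset goes in the Pointer.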
skipping to change at page 9, line 17 skipping to change at page 9, line 49
* An error SHOULD be reported to an application if the application * An error SHOULD be reported to an application if the application
enabled extension headers for its traffic. In response, The enabled extension headers for its traffic. In response, The
application MAY terminate communications if extension headers application MAY terminate communications if extension headers
are required, stop using extension headers in packets to the are required, stop using extension headers in packets to the
destination indicated by the ICMPv6 error, or attempt modify its destination indicated by the ICMPv6 error, or attempt modify its
use of extension headers or headers to avoid further packet use of extension headers or headers to avoid further packet
discards. discards.
* A host system SHOULD take appropriate action if it is * A host system SHOULD take appropriate action if it is
automatically inserting extension headers into packets automatically inserting extension headers into packets on behalf
unbeknownst to the application. If the offending extension of the application. If the offending extension header is not
header is not required for communication, the host MAY either required for communication, the host MAY either stop sending it
stop sending it or otherwise modify its use in subsequent or otherwise modify its use in subsequent packets sent to the
packets sent to the destination indicated in the ICMPv6 error. destination indicated in the ICMPv6 error.
5 Security Considerations 5 Security Considerations
This document does not introduce any new security concerns for use of This document does not introduce any new security concerns for use of
ICMPv6 errors. The security considerations for ICMPv6 described in ICMPv6 errors. The security considerations for ICMPv6 described in
[RFC4443] are applicable. [RFC4443] are applicable.
6 IANA Considerations 6 IANA Considerations
6.1 Parameter Problem codes 6.1 Parameter Problem codes
IANA is requested to assign the following codes for ICMPv6 type 4 IANA is requested to assign the following codes for ICMPv6 type 4
"Parameter Problem": "Parameter Problem":
4 - Extension header too big 4 - Extension header too big
5 - Extension header chain too long 5 - Extension header chain too long
6 - Too many options in extension header 6 - Too many options in extension header
7 - Option too big
6.2 Destination Unreachable codes 6.2 Destination Unreachable codes
IANA is requested to assign the following codes for ICMPv6 type 1 IANA is requested to assign the following codes for ICMPv6 type 1
"Destination Unreachable": "Destination Unreachable":
8 - Headers too long 8 - Headers too long
7 Acknowledgments 7 Acknowledgments
The author would like to thank Ron Bonica, Bob Hinden for their The author would like to thank Ron Bonica and Bob Hinden for their
comments and suggestions that improved this document. comments and suggestions that improved this document.
8 References 8 References
8.1 Normative References 8.1 Normative References
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
Control Message Protocol (ICMPv6) for the Internet Protocol Control Message Protocol (ICMPv6) for the Internet Protocol
Version 6 (IPv6) Specification", RFC 4443, DOI Version 6 (IPv6) Specification", RFC 4443, DOI
10.17487/RFC4443, March 2006, <http://www.rfc- 10.17487/RFC4443, March 2006, <http://www.rfc-
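Review bot: Section 5 is unchanged and still states that the document introduces no new security concerns, although Section 4.2 has hosts and applications stop or modify their use of extension headers in response to these errors, so an invalid or forged error would change sender behaviour toward a destination. Suggest Section 5 refer to the "SHOULD verify the ICMPv6 error is valid" requirement in 4.2 and say what validation is expected before the host acts. In the first bullet of this region, "In response, The application" and "attempt modify its use" were left uncorrected while the neighbouring bullet was reworded; these should read "the application" and "attempt to modify".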
 End of changes. 18 change blocks. 
31 lines changed or deleted 71 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/