draft-ietf-dhc-dhcpv6-unknown-msg-00.txt   draft-ietf-dhc-dhcpv6-unknown-msg-01.txt 
DHC Working Group Y. Cui DHC Working Group Y. Cui
Internet-Draft Q. Sun Internet-Draft Q. Sun
Intended status: Standards Track Tsinghua University Intended status: Standards Track Tsinghua University
Expires: October 26, 2013 T. Lemon Expires: December 28, 2013 T. Lemon
Nominum, Inc. Nominum, Inc.
April 24, 2013 June 26, 2013
Handling Unknown DHCPv6 Messages Handling Unknown DHCPv6 Messages
draft-ietf-dhc-dhcpv6-unknown-msg-00 draft-ietf-dhc-dhcpv6-unknown-msg-01
Abstract Abstract
Dynamic Host Configuration Protocol version 6 (DHCPv6) isn't specific Dynamic Host Configuration Protocol version 6 (DHCPv6) isn't specific
about handling messages with unknown types. This document describes about handling messages with unknown types. This memo describes the
the problems and defines how a DHCPv6 function node should behave in problems and defines how a DHCPv6 function node should behave in this
this case. This document updates RFC3315. case. This document updates RFC3315.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 26, 2013. This Internet-Draft will expire on December 28, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
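Review bot: In the Abstract, the -01 text changes "This document describes" to "This memo describes", but the following sentence still reads "This document updates RFC3315", so the abstract now uses two terms for the same draft. Keep "document" throughout, as the Introduction does.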
skipping to change at page 2, line 12 skipping to change at page 2, line 12
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Requirements Language . . . . . . . . . . . . . . . . . . . . . 3 2. Requirements Language . . . . . . . . . . . . . . . . . . . . . 3
3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . . 3 3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . . 3
4. Relay Agent Behavior Update . . . . . . . . . . . . . . . . . . 3 4. Relay Agent Behavior Update . . . . . . . . . . . . . . . . . . 3
4.1. Definition of a Valid Message . . . . . . . . . . . . . . . 3 4.1. Definition of a Valid Message . . . . . . . . . . . . . . . 4
4.2. Relaying a Message towards Server . . . . . . . . . . . . . 4 4.2. Relaying a Message towards Server . . . . . . . . . . . . . 4
4.3. Relaying a Message towards Client . . . . . . . . . . . . . 4 4.3. Relaying a Message towards Client . . . . . . . . . . . . . 4
5. Client and Server Behavior Update . . . . . . . . . . . . . . . 4 5. Client and Server Behavior Update . . . . . . . . . . . . . . . 5
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 5
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
8. Contributors List . . . . . . . . . . . . . . . . . . . . . . . 5 8. Contributors List . . . . . . . . . . . . . . . . . . . . . . . 6
9. Normative References . . . . . . . . . . . . . . . . . . . . . 5 9. Normative References . . . . . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 5 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction 1. Introduction
Dynamic Host Configuration Protocol version 6 (DHCPv6) [RFC3315] Dynamic Host Configuration Protocol version 6 (DHCPv6) [RFC3315]
provides a framework for conveying IPv6 configuration information to provides a framework for conveying IPv6 configuration information to
hosts on a TCP/IP network. But [RFC3315] is not specific about how hosts on a TCP/IP network. But [RFC3315] is not specific about how
to deal with message with unrecognized types. This document describe to deal with message with unrecognized types. This document describe
the problems and defines the behavior of a DHCPv6 function node in the problems and defines the behavior of a DHCPv6 function node when
this case. This document updates [RFC3315]. handling unknown DHCPv6 messages. This document updates [RFC3315].
2. Requirements Language 2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
3. Problem Statement 3. Problem Statement
The relay agent is bound to send a message either to the server or to The relay agent is bound to send a message either to the server or to
the client. But RFC3315 doesn't specify how the relay agent can find the client. But RFC3315 doesn't explicitly describe how the relay
out it should send a message towards the server or towards the agent can find out it should send a message towards the server or
client. towards the client.
Another issue is that, there is no statement in RFC3315 about what a Another issue is that, it's not specific in RFC3315 about what a
relay agent should do when receiving message types it doesn't relay agent should do if it doesn't recognize the received messages.
recognize. The relay agent isn't required to relay the messages, nor The relay agent isn't required to relay the messages, nor advised to
advised to drop them. drop them.
In addition, there is no specific requirement of the client or server In addition, there is no specific requirement of the client or server
on dealing with an unknown message in RFC3315. on dealing with an unknown message in RFC3315.
4. Relay Agent Behavior Update 4. Relay Agent Behavior Update
A relay agent is responsible for relaying messages between the client A relay agent relays the message towards the server or the client
and server. The Relay-reply message is meant to be sent to the according to the message type. Relay-reply messages are sent toward
client side (downlink), while the Relay-forward message and other the client. The Relay-forward message and other types of message are
types of message are meant to be sent to the server side (uplink). A sent toward the server.
relay agent should determine whether the message should be relayed
towards the server or the client according to message types. We say "toward the client" and "toward the server" because relay
agents may be chained together, so a relay message may be sent
through multiple relays along the path to its destination. Relay-
reply messages specify a destination address; the relay agent
extracts the encapsulated message and sends it to the specified
destination address. Any message other than a Relay-reply does not
have such a specified destination, so it follows the default
forwarding path configured on the relay agent, which is always toward
the server.
4.1. Definition of a Valid Message 4.1. Definition of a Valid Message
Section 20.1 of [RFC3315] states that: Section 20.1 of [RFC3315] states that:
"When a relay agent receives a valid message to be relayed, it "When a relay agent receives a valid message to be relayed, it
constructs a new Relay-forward message." constructs a new Relay-forward message."
However it doesn't specify what a valid message is. In this
document, we define that a message is valid for constructing a new It doesn't define what a valid message is. In this document, we
Relay-forward message if it is not a Relay-reply message. specify the definition: the message is valid for constructing a new
Relay-forward message if the recipient is a relay agent, the relay
agent does not identify itself as the intended recipient, and the
message is not a Relay-Reply message.
We state the definition in this way for the following reasons:
o Any message received by a client or server is clearly not a
candidate for forwarding.
o Any message received by the relay in response to a message it has
sent to the server-e.g., a RECONFIGURE-REPLY message-is also not a
candidate for forwarding.
o A standards-compliant DHCP server will never send a message to a
relay other than in response to a message from a relay, so there
should never be a case where a relay receives a message for which
it is the intended recipient, but is not able to recognize that it
is the intended recipient for the message.
o A Relay-Reply message is an encapsulation intended for the client
or for a relay agent closer to the client. It specifies a
destination, and hence is never to be encapsulated and sent back
to the server.
Any message that does not meet any of these criteria must therefore
be a message intended to be relayed to the DHCP server.
4.2. Relaying a Message towards Server 4.2. Relaying a Message towards Server
If the relay agent received a Relay-forward message, Section 20.1.2 If the relay agent received a Relay-forward message, Section 20.1.2
of [RFC3315] defines the related behavior. If the relay agent of [RFC3315] defines the related behavior. If the relay agent
received messages other than Relay-forward and Relay-reply, it MUST received messages other than Relay-forward and Relay-reply, it MUST
forward them as is described in Section 20.1.1 of [RFC3315]. forward them as is described in Section 20.1.1 of [RFC3315].
4.3. Relaying a Message towards Client 4.3. Relaying a Message towards Client
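Review bot: The new definition in Section 4.1 makes validity depend on the relay agent not identifying itself as the intended recipient, but the section never says how a relay decides that for a message type it does not recognize, which is the case this draft is written to cover. State the test explicitly, for example that a relay treats itself as the recipient only for message types it recognizes as responses to a message it has sent to the server. The closing sentence "Any message that does not meet any of these criteria" points at the bullets, which are introduced as reasons rather than criteria; reword it to refer to the three conditions in the definition. The RECONFIGURE-REPLY example is given without a reference. Spelling varies between "Relay-reply" in Section 4 and "Relay-Reply" in Section 4.1, and the Introduction still carries "message with unrecognized types. This document describe" in both versions.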
skipping to change at page 4, line 39 skipping to change at page 5, line 25
As the relay agent will forward all unknown types of DHCPv6 messages, As the relay agent will forward all unknown types of DHCPv6 messages,
a malicious attacker can interfere with the relaying function by a malicious attacker can interfere with the relaying function by
constructing fake DHCPv6 messages with arbitrary type code. The same constructing fake DHCPv6 messages with arbitrary type code. The same
problem may happen in current DHCPv4 and DHCPv6 practice where the problem may happen in current DHCPv4 and DHCPv6 practice where the
attacker has to construct the fake DHCP message with an known type attacker has to construct the fake DHCP message with an known type
code. code.
Clients and servers that implement this specification will discard Clients and servers that implement this specification will discard
unknown DHCPv6 messages. Since RFC3315 did not specify either relay, unknown DHCPv6 messages. Since RFC3315 did not specify either relay,
client or server behavior in the presence of unknown messages, it is client or server behavior in the presence of unknown messages, it is
possible that some server or client that has not been updated to possible that some servers or clients that have not been updated to
conform to this specification might be made vulnerable to client conform to this specification might be made vulnerable to client
attacks through the relay agent. attacks through the relay agent.
For this reason, we recommend that relay agents, clients and servers For this reason, we recommend that relay agents, clients and servers
be updated to follow this new specification. However, in most be updated to follow this new specification. However, in most
deployment scenarios, it will be much easier to attack clients deployment scenarios, it will be much easier to attack clients
directly than through a relay; furthermore, attacks using unknown directly than through a relay; furthermore, attacks using unknown
message types are already possible on the local wire. message types are already possible on the local wire.
So in most cases, if clients are not upgraded there should be minimal So in most cases, if clients are not upgraded there should be minimal
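Review bot: In Security Considerations, "vulnerable to client attacks through the relay agent" does not say whether clients are the source or the target of the attack. The sentence is about servers or clients that have not been updated, and the next paragraph talks about attacking clients directly, so state the direction explicitly. The first paragraph says the relay agent will forward all unknown types but gives a relay operator no guidance on that exposure; if none is intended, say so. "with an known type code" should read "with a known type code" and is unchanged between -00 and -01.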
 End of changes. 13 change blocks. 
33 lines changed or deleted 67 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/