On 2/7/2013 9:26 AM, Alexandru Petrescu wrote:
On 07/02/2013 13:49, Erik Hugne wrote:
On Thu, Feb 07, 2013 at 11:44:22AM +0100, Alexandru Petrescu wrote:
Also, the implementation of that dropping may not be that
straightforward as at a quick first sight.

A stack presented with a packet whose dst's leftmost 16 bits
precisely match ff01::/16 should be dropped _only_ if the src of
that packet is an address which does not belong to that stack (in
other words don't discard packets originated by stack and addressed
to self). ('be liberal in what you accept').


FreeBSD drops any packets sent to ff01::/16 if they did not originate
from the local host.
http://fxr.watson.org/fxr/source/netinet6/ip6_input.c#L555

Linux currently accepts these, regardless of who sent them.

To me the FreeBSD is the obviously correct behavior. They are supposed
to be interface-local, hence not arriving from somewhere else. There
could be security implications with applications using this to pass
packets between them and not expecting that a forged packet could be
arriving from the outside. Checking the source address is not sufficient
IMO.

Stig

That says to me that could be clarified, so that implementers make
interoperable implementations.

In one sense, one wouldn't want a Linux to behave unexpectedly when a
FreeBSD sent it a packet whose IP dst is ff01::/64 with the right MAC
dst address.

In another sense, one wouldn't want a FreeBSD to drop packets sent by a
Linux which thinks everyone acts like him/her.

But this is speculative. Have you seen it in practice?  Which protocol
makes common use of ff01::/64?

Alex


//E




--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
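
The two drop policies debated in the thread above, side by side, as an added example that is not part of any message in the thread and is not code from FreeBSD or Linux. The `pkt_meta` struct, its `looped_locally` flag, the function names and the 2001:db8::1 host address are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-packet metadata; field names are assumptions. */
struct pkt_meta {
    struct in6_addr src, dst;
    bool looped_locally; /* set by the stack only for its own looped-back output */
};

/* Constructed sample: the one address this host owns. */
static const char *LOCAL_ADDR = "2001:db8::1";

static bool dst_is_ff01(const struct in6_addr *a) /* dst inside ff01::/16 */
{
    return a->s6_addr[0] == 0xff && a->s6_addr[1] == 0x01;
}

/* Policy A: drop only when src is not one of our addresses. */
static bool accept_by_src(const struct pkt_meta *p)
{
    struct in6_addr local;
    inet_pton(AF_INET6, LOCAL_ADDR, &local);
    if (!dst_is_ff01(&p->dst)) return true;
    return memcmp(&p->src, &local, sizeof local) == 0;
}

/* Policy B: drop unless the packet originated from this host. */
static bool accept_by_origin(const struct pkt_meta *p)
{
    return !dst_is_ff01(&p->dst) || p->looped_locally;
}

/* Returns bit 0 = policy A accepts, bit 1 = policy B accepts, -1 on bad input. */
int check_case(const char *src, const char *dst, bool looped_locally)
{
    struct pkt_meta p = { .looped_locally = looped_locally };
    if (inet_pton(AF_INET6, src, &p.src) != 1 || inet_pton(AF_INET6, dst, &p.dst) != 1)
        return -1;
    return (accept_by_src(&p) ? 1 : 0) | (accept_by_origin(&p) ? 2 : 0);
}

int main(void)
{
    printf("src spoofed, arrived from wire: %d\n", check_case(LOCAL_ADDR, "ff01::1", false));
    printf("genuine locally originated:     %d\n", check_case(LOCAL_ADDR, "ff01::1", true));
    return 0;
}
```

A result of 1 for the first case means the source-address check alone lets the packet through while the origin check drops it, which is the gap raised in the thread.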
