
Re: kernel/2876: pf does not check v6 header in v6 option header

From: Daniel Hartmeier <daniel(at)benzedrine.cx>
Date: Fri Nov 08 2002 - 13:51:06 EST


The following reply was made to PR kernel/2876; it has been noted by GNATS.

From: Daniel Hartmeier <daniel@benzedrine.cx>
To: HAMAJIMA Katsuomi <hamajima@nagoya.ydc.co.jp>
Cc: gnats@openbsd.org, itojun@openbsd.org, mcbride@openbsd.org
Subject: Re: kernel/2876: pf does not check v6 header in v6 option header
Date: Fri, 8 Nov 2002 16:36:28 +0100

 On Fri, Nov 08, 2002 at 10:17:08PM +0900, HAMAJIMA Katsuomi wrote:  

> This is XCAST6 packet.
 

 Here's how I'd read that packet, please correct me if I'm wrong.  

 The first IPv6 header is always 40 bytes:  

> 0x0000 6000 0000 00a5 0008 2001 0368 0003 0001 `..........h....
> 0x0010 02d0 b7ff fea0 99a0 2001 0268 1501 0020 ...........h....
> 0x0020 0202 b3ff fe49 8b80 .....I..
 

 Total size is 40 + 165 == 205 bytes, which matches the dumped data.  


 Next header value is 0x00, so we expect a hop-by-hop options header  next:  

> 0x0020 2900 2700 0102 17b5 ).'.....
 

 First 8 bits of the hop-by-hop header is the next header value, 0x29  here.  

 Next 8 bits is the length of the hop-by-hop header, in multiples of  8 bytes, excluding the first 8 bytes, so the total length of the  hop-by-hop header is 8 bytes.  

 Then come the TLV-encoded options: first option type 0x27 data length  0x00, then type 0x01 length 0x02 with 2 bytes of data 0x17b5.  

 The next header value 0x29 (decimal 41) is IPPROTO_IPV6 ("IPv6 in  IPv6"). This is not skipped by pf, but gets filtered. That's why you  can't match these packets with 'proto udp'.  

 I can't find anything in draft-ooms-xcast-basic-spec-03.txt that would  explain the 0x29 header. If you suggest that we skip over IPPROTO_IPV6  headers in pf, I'd like to ask itojun for comments.  

 Daniel

Received on Fri Nov 8 13:57:30 2002
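The walk-through in the message above, as an added example that is not part of the original message and is not pf's code: a bounds-checked parse of the 48 bytes quoted there (fixed IPv6 header plus hop-by-hop header), reporting the total size, the hop-by-hop length, the option count and the next header value that follows. The names `parse_v6` and `struct v6info` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The 48 bytes quoted in the message: IPv6 header + hop-by-hop header. */
static const uint8_t pkt[48] = {
    0x60,0x00,0x00,0x00, 0x00,0xa5,0x00,0x08,
    0x20,0x01,0x03,0x68, 0x00,0x03,0x00,0x01,
    0x02,0xd0,0xb7,0xff, 0xfe,0xa0,0x99,0xa0,
    0x20,0x01,0x02,0x68, 0x15,0x01,0x00,0x20,
    0x02,0x02,0xb3,0xff, 0xfe,0x49,0x8b,0x80,
    0x29,0x00,0x27,0x00, 0x01,0x02,0x17,0xb5,
};

struct v6info { unsigned total, hbh_len, nopts; int next; };  /* hypothetical */

/* Returns 0 on success, -1 if any length field points past the buffer. */
int parse_v6(const uint8_t *p, size_t len, struct v6info *o)
{
    if (len < 40 || (p[0] >> 4) != 6)
        return -1;
    o->total = 40 + ((p[4] << 8) | p[5]);   /* fixed header + payload length */
    o->next = p[6];
    o->hbh_len = o->nopts = 0;
    if (o->next != 0)                        /* 0 = hop-by-hop options */
        return 0;
    if (len < 48)
        return -1;
    o->hbh_len = (p[41] + 1) * 8;            /* units of 8, first 8 not counted */
    if (len < 40 + (size_t)o->hbh_len)
        return -1;
    for (size_t i = 42; i < 40 + (size_t)o->hbh_len; o->nopts++) {
        if (p[i] == 0) { i++; continue; }    /* Pad1: a single byte, no length */
        if (i + 2 > 40 + o->hbh_len || i + 2 + p[i + 1] > 40 + o->hbh_len)
            return -1;                       /* option overruns the header */
        i += 2 + p[i + 1];                   /* type, length, data */
    }
    o->next = p[40];                         /* 0x29 = IPPROTO_IPV6 in this packet */
    return 0;
}

int main(void)
{
    struct v6info v;
    if (parse_v6(pkt, sizeof pkt, &v) == 0)
        printf("total=%u hbh=%u opts=%u next=0x%02x\n", v.total, v.hbh_len, v.nopts, v.next);
    return 0;
}
```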


This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:29:37 EDT

