Revision - 72a41f9 - Merge branch 'ipv6-reply-icmp-error-if-fragment-doesn-t-contain- [...]

Revision 72a41f956ac25868d182956ca607419e621bea19 authored by Jakub Kicinski on 31 October 2020, 20:16:07 UTC, committed by Jakub Kicinski on 31 October 2020, 20:16:08 UTC

Merge branch 'ipv6-reply-icmp-error-if-fragment-doesn-t-contain-all-headers'

Hangbin Liu says:

====================
IPv6: reply ICMP error if fragment doesn't contain all headers

When our Engineer run latest IPv6 Core Conformance test, test v6LC.1.3.6:
First Fragment Doesn’t Contain All Headers[1] failed. The test purpose is to
verify that the node (Linux for example) should properly process IPv6 packets
that don’t include all the headers through the Upper-Layer header.

Based on RFC 8200, Section 4.5 Fragment Header

  -  If the first fragment does not include all headers through an
     Upper-Layer header, then that fragment should be discarded and
     an ICMP Parameter Problem, Code 3, message should be sent to
     the source of the fragment, with the Pointer field set to zero.

The first patch add a definition for ICMPv6 Parameter Problem, code 3.
The second patch add a check for the 1st fragment packet to make sure
Upper-Layer header exist.

[1] Page 68, v6LC.1.3.6: First Fragment Doesn’t Contain All Headers part A, B,
C and D at https://ipv6ready.org/docs/Core_Conformance_5_0_0.pdf
[2] My reproducer:

import sys, os
from scapy.all import *

def send_frag_dst_opt(src_ip6, dst_ip6):
    ip6 = IPv6(src = src_ip6, dst = dst_ip6, nh = 44)

    frag_1 = IPv6ExtHdrFragment(nh = 60, m = 1)
    dst_opt = IPv6ExtHdrDestOpt(nh = 58)

    frag_2 = IPv6ExtHdrFragment(nh = 58, offset = 4, m = 1)
    icmp_echo = ICMPv6EchoRequest(seq = 1)

    pkt_1 = ip6/frag_1/dst_opt
    pkt_2 = ip6/frag_2/icmp_echo

    send(pkt_1)
    send(pkt_2)

def send_frag_route_opt(src_ip6, dst_ip6):
    ip6 = IPv6(src = src_ip6, dst = dst_ip6, nh = 44)

    frag_1 = IPv6ExtHdrFragment(nh = 43, m = 1)
    route_opt = IPv6ExtHdrRouting(nh = 58)

    frag_2 = IPv6ExtHdrFragment(nh = 58, offset = 4, m = 1)
    icmp_echo = ICMPv6EchoRequest(seq = 2)

    pkt_1 = ip6/frag_1/route_opt
    pkt_2 = ip6/frag_2/icmp_echo

    send(pkt_1)
    send(pkt_2)

if __name__ == '__main__':
    src = sys.argv[1]
    dst = sys.argv[2]
    conf.iface = sys.argv[3]
    send_frag_dst_opt(src, dst)
    send_frag_route_opt(src, dst)
====================

Link: https://lore.kernel.org/r/20201027123313.3717941-1-liuhangbin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

2 parent s 2f71e00 + 2efdaaa

Files
Changes

Permalinks

File	Mode	Size
asymmetric_keys
async_tx
842.c	-rw-r--r--	3.7 KB
Kconfig	-rw-r--r--	56.2 KB
Makefile	-rw-r--r--	7.6 KB
acompress.c	-rw-r--r--	4.7 KB
adiantum.c	-rw-r--r--	19.4 KB
aead.c	-rw-r--r--	7.2 KB
aegis.h	-rw-r--r--	1.8 KB
aegis128-core.c	-rw-r--r--	13.1 KB
aegis128-neon-inner.c	-rw-r--r--	6.3 KB
aegis128-neon.c	-rw-r--r--	1.9 KB
aes_generic.c	-rw-r--r--	57.6 KB
aes_ti.c	-rw-r--r--	2.0 KB
af_alg.c	-rw-r--r--	26.1 KB
ahash.c	-rw-r--r--	15.7 KB
akcipher.c	-rw-r--r--	4.0 KB
algapi.c	-rw-r--r--	29.5 KB
algboss.c	-rw-r--r--	5.9 KB
algif_aead.c	-rw-r--r--	15.6 KB
algif_hash.c	-rw-r--r--	9.5 KB
algif_rng.c	-rw-r--r--	8.4 KB
algif_skcipher.c	-rw-r--r--	9.6 KB
ansi_cprng.c	-rw-r--r--	10.7 KB
anubis.c	-rw-r--r--	27.8 KB
api.c	-rw-r--r--	13.8 KB
arc4.c	-rw-r--r--	2.1 KB
authenc.c	-rw-r--r--	13.1 KB
authencesn.c	-rw-r--r--	14.2 KB
blake2b_generic.c	-rw-r--r--	9.3 KB
blake2s_generic.c	-rw-r--r--	5.0 KB
blowfish_common.c	-rw-r--r--	15.5 KB
blowfish_generic.c	-rw-r--r--	3.2 KB
camellia_generic.c	-rw-r--r--	34.2 KB
cast5_generic.c	-rw-r--r--	20.5 KB
cast6_generic.c	-rw-r--r--	9.1 KB
cast_common.c	-rw-r--r--	12.9 KB
cbc.c	-rw-r--r--	5.1 KB
ccm.c	-rw-r--r--	23.4 KB
cfb.c	-rw-r--r--	6.1 KB
chacha20poly1305.c	-rw-r--r--	17.7 KB
chacha_generic.c	-rw-r--r--	3.9 KB
cipher.c	-rw-r--r--	2.5 KB
cmac.c	-rw-r--r--	7.5 KB
compress.c	-rw-r--r--	921 bytes
crc32_generic.c	-rw-r--r--	3.7 KB
crc32c_generic.c	-rw-r--r--	4.1 KB
crct10dif_common.c	-rw-r--r--	3.6 KB
crct10dif_generic.c	-rw-r--r--	3.1 KB
cryptd.c	-rw-r--r--	28.6 KB
crypto_engine.c	-rw-r--r--	15.3 KB
crypto_null.c	-rw-r--r--	5.3 KB
crypto_user_base.c	-rw-r--r--	12.0 KB
crypto_user_stat.c	-rw-r--r--	9.6 KB
ctr.c	-rw-r--r--	9.5 KB
cts.c	-rw-r--r--	11.5 KB
curve25519-generic.c	-rw-r--r--	2.2 KB
deflate.c	-rw-r--r--	7.7 KB
des_generic.c	-rw-r--r--	3.3 KB
dh.c	-rw-r--r--	5.4 KB
dh_helper.c	-rw-r--r--	3.4 KB
drbg.c	-rw-r--r--	59.7 KB
ecb.c	-rw-r--r--	2.4 KB
ecc.c	-rw-r--r--	39.0 KB
ecc.h	-rw-r--r--	8.0 KB
ecc_curve_defs.h	-rw-r--r--	1.9 KB
ecdh.c	-rw-r--r--	3.9 KB
ecdh_helper.c	-rw-r--r--	2.1 KB
echainiv.c	-rw-r--r--	4.1 KB
ecrdsa.c	-rw-r--r--	8.4 KB
ecrdsa_defs.h	-rw-r--r--	7.2 KB
ecrdsa_params.asn1	-rw-r--r--	142 bytes
ecrdsa_pub_key.asn1	-rw-r--r--	57 bytes
essiv.c	-rw-r--r--	17.8 KB
fcrypt.c	-rw-r--r--	18.0 KB
fips.c	-rw-r--r--	1.7 KB
gcm.c	-rw-r--r--	30.0 KB
geniv.c	-rw-r--r--	3.8 KB
gf128mul.c	-rw-r--r--	12.5 KB
ghash-generic.c	-rw-r--r--	4.8 KB
hash_info.c	-rw-r--r--	1.9 KB
hmac.c	-rw-r--r--	6.4 KB
internal.h	-rw-r--r--	3.8 KB
jitterentropy-kcapi.c	-rw-r--r--	6.2 KB
jitterentropy.c	-rw-r--r--	25.2 KB
jitterentropy.h	-rw-r--r--	643 bytes
keywrap.c	-rw-r--r--	9.5 KB
khazad.c	-rw-r--r--	51.8 KB
kpp.c	-rw-r--r--	2.7 KB
lrw.c	-rw-r--r--	10.6 KB
lz4.c	-rw-r--r--	3.3 KB
lz4hc.c	-rw-r--r--	3.4 KB
lzo-rle.c	-rw-r--r--	3.4 KB
lzo.c	-rw-r--r--	3.3 KB
md4.c	-rw-r--r--	5.9 KB
md5.c	-rw-r--r--	7.4 KB
memneq.c	-rw-r--r--	6.1 KB
michael_mic.c	-rw-r--r--	3.5 KB
nhpoly1305.c	-rw-r--r--	7.8 KB
ofb.c	-rw-r--r--	2.4 KB
pcbc.c	-rw-r--r--	4.6 KB
pcrypt.c	-rw-r--r--	9.2 KB
poly1305_generic.c	-rw-r--r--	3.7 KB
proc.c	-rw-r--r--	2.5 KB
ripemd.h	-rw-r--r--	1013 bytes
rmd128.c	-rw-r--r--	10.0 KB
rmd160.c	-rw-r--r--	12.4 KB
rmd256.c	-rw-r--r--	10.3 KB
rmd320.c	-rw-r--r--	12.8 KB
rng.c	-rw-r--r--	4.8 KB
rsa-pkcs1pad.c	-rw-r--r--	17.3 KB
rsa.c	-rw-r--r--	5.3 KB
rsa_helper.c	-rw-r--r--	4.0 KB
rsaprivkey.asn1	-rw-r--r--	316 bytes
rsapubkey.asn1	-rw-r--r--	82 bytes
salsa20_generic.c	-rw-r--r--	6.0 KB
scatterwalk.c	-rw-r--r--	2.0 KB
scompress.c	-rw-r--r--	6.8 KB
seed.c	-rw-r--r--	17.2 KB
seqiv.c	-rw-r--r--	4.5 KB
serpent_generic.c	-rw-r--r--	21.5 KB
sha1_generic.c	-rw-r--r--	2.3 KB
sha256_generic.c	-rw-r--r--	3.3 KB
sha3_generic.c	-rw-r--r--	8.0 KB
sha512_generic.c	-rw-r--r--	7.8 KB
shash.c	-rw-r--r--	15.1 KB
simd.c	-rw-r--r--	13.5 KB
skcipher.c	-rw-r--r--	24.8 KB
sm2.c	-rw-r--r--	10.1 KB
sm2signature.asn1	-rw-r--r--	113 bytes
sm3_generic.c	-rw-r--r--	4.1 KB
sm4_generic.c	-rw-r--r--	6.2 KB
streebog_generic.c	-rw-r--r--	57.6 KB
tcrypt.c	-rw-r--r--	78.4 KB
tcrypt.h	-rw-r--r--	3.0 KB
tea.c	-rw-r--r--	6.5 KB
testmgr.c	-rw-r--r--	145.2 KB
testmgr.h	-rw-r--r--	1.2 MB
tgr192.c	-rw-r--r--	30.3 KB
twofish_common.c	-rw-r--r--	37.1 KB
twofish_generic.c	-rw-r--r--	5.6 KB
vmac.c	-rw-r--r--	18.8 KB
wp512.c	-rw-r--r--	59.8 KB
xcbc.c	-rw-r--r--	6.7 KB
xor.c	-rw-r--r--	3.7 KB
xts.c	-rw-r--r--	11.7 KB
xxhash_generic.c	-rw-r--r--	2.4 KB
zstd.c	-rw-r--r--	5.0 KB

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...