tech-net archive


IPv6: dropping RH0?



I say we nuke it, but in fact it's more complicated than that. The RH0 option
was obsoleted in RFC5095 [1], because it has security implications. While we
did drop RH0 in our input path, the code for the output path is still there.

In other words, we don't process any received RH0, but we can still emit
RH0s - not automatically, but on demand, if a user calls setsockopt to set a
routing option of type 0.

RFC5095 states that:

    "IPv6 implementations are no longer required to implement RH0 in any
     way."

Given this, the RH0s we emit won't go very far; they will likely be blocked
by the first router encountered. All the systems I looked at drop RH0s in
the input path, and at least PF was modified to kick RH0s by default.

You can find the RH0 code by looking for the "IPV6_RTHDR_TYPE_0" keyword on
NXR. It mostly comes down to ip6_output.c and xform_ah.c.

Wanted to know if someone would disagree on removing it, etc.

[1] https://tools.ietf.org/html/rfc5095
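
The input-path rule the message refers to, as an added example (not part of the original post and not code from the tree it discusses): RFC 5095 has receivers treat RH0 as an unrecognized routing type, so Segments Left decides between skipping the header and discarding the packet. The names `rh0_check`, `rh0_sample` and the verdict values are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>

enum rh0_verdict { RH0_ABSENT, RH0_IGNORE, RH0_DISCARD, RH0_MALFORMED };
#define NH_HOPOPTS 0	/* IANA protocol numbers */
#define NH_ROUTING 43
#define NH_DSTOPTS 60

/* RFC 5095 receive rule for a type 0 routing header: Segments Left == 0 means
 * skip it, non-zero means discard. Stops at Fragment/AH/ESP (not parsed here). */
enum rh0_verdict rh0_check(const uint8_t *pkt, size_t len)
{
	enum rh0_verdict v = RH0_ABSENT;
	size_t off = 40, extlen;	/* 40 = fixed IPv6 header */
	uint8_t nh;

	if (len < 40 || (pkt[0] >> 4) != 6)
		return RH0_MALFORMED;
	nh = pkt[6];			/* Next Header of the fixed header */
	while (nh == NH_HOPOPTS || nh == NH_ROUTING || nh == NH_DSTOPTS) {
		if (len - off < 8)	/* extension headers are >= 8 bytes */
			return RH0_MALFORMED;
		extlen = ((size_t)pkt[off + 1] + 1) * 8;
		if (len - off < extlen)
			return RH0_MALFORMED;
		/* Routing header: byte 2 Routing Type, byte 3 Segments Left */
		if (nh == NH_ROUTING && pkt[off + 2] == 0) {
			if (pkt[off + 3] != 0)
				return RH0_DISCARD;
			v = RH0_IGNORE;
		}
		nh = pkt[off];
		off += extlen;
	}
	return v;
}

/* Constructed sample: fixed header + 24-byte routing header; len <= 64. */
enum rh0_verdict rh0_sample(uint8_t type, uint8_t segleft, size_t len)
{
	uint8_t buf[64] = { 0x60 };	/* version 6, rest zeroed */
	buf[5] = 24;		/* payload length */
	buf[6] = NH_ROUTING;
	buf[40] = 59;		/* No Next Header */
	buf[41] = 2;		/* Hdr Ext Len: one 16-byte address slot */
	buf[42] = type;
	buf[43] = segleft;
	return rh0_check(buf, len);
}
```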

