Itojun,

The reason for allowing the unspecified address to be used as a source
address is to enable a node to send a packet from an interface before
it has an address for that interface.  DAD is the one current example
where this is necessary; after a node has successfully DADed for a
link-local address for an interface, from that point on it can and should
use that link-local address (or any additional, successfully acquired
address) for any packets sent from that interface.

Therefore, the "be conservative in what you send" rule would say that a
host SHOULD not send packets with an unspecified source address if it has
any other address assigned to the originating interface.  (I say SHOULD
instead of MUST, because I think it ought to be possible for an upper layer
protocol to force the transmission of a packet with an unspecified source
address at any time, for debugging purposes or other uses we haven't
thought of yet).

The "be liberal in what you accept" rule would say that a node that receives
a packet destined to itself, with an unspecified source address, should
always pass it to the appropriate upper-layer protocol (based on Next
Header type).  If a node receives a packet *not* destined to itself,
with an unspecified source address, it should silently drop the packet;
this is normal behavior for a host.  As for a router, I am surprised and
embarrassed to see that the IPv6 Address Architecture spec does not say
that packets with unspecified source addresses MUST NOT be forwarded.
It ought to say that.  (That's another little thing for us to fix, Bob!)

On to your specific questions:

>       Please consider the following examples.  Are these examples legal?
>       - IPv6 ICMPv6 packet with unspecified source address, which is DAD.
>         (this one should be legal, since it is documented in RFC2462)

Yes, that's legal of course.

>       - IPv6 ICMPv6 packet with unspecified source address, which is NOT DAD.

Yes, that's legal.  Whether it is acted upon by the ICMP layer in the
receiver depends on the nature of the message.  Anything that requires
a reply (such as an Echo Request) will clearly fail, because it is
illegal to use the unspecified address as a destination address, i.e.,
the destination of the reply.

>       - IPv6 TCP packet with unspecified source address.
>         this form of packet can be used to make a DoS attack.  careless
>         implementation may create TCP control block with local
>         address = mine, and foreign address = unspecified, in state SYN_RCVD.
>         this may disable wildcard listening TCP socket from being contacted

TCP must perform sanity checks on incoming packets, beyond those required
by the base IPv6 spec.  For example, TCP must discard packets with multicast
destination addresses.  It should also discard packets with the unspecified
source address, because such an address cannot legally be used as the
destination address of packets going in the other direction.

>       - IPv6 UDP packet with unspecified source address.

UDP-based applications must perform whatever sanity checks are necessary
to satisfy their own semantics.  The UDP module itself should not prevent
the transmission or reception of packets with the unspecified source
address.

>       - other upper layer protocol with unspecified source address.

Same as UDP.

>       - mobile-ip6 home address option with unspecified address.

MUST NOT be sent; MUST be discarded if received.  If you don't have a home
address, you shouldn't be using mobile IP.  If you do have a home address,
that's what you should use in the home address option.

>       - a router which forwards packets with unspecified source address.
>         if we consider that DAD is the only legal use, we should not forward.

There may be legal uses other than DAD but, regardless, I think the
Address Architecture spec should say MUST NOT forward packets with
unspecified source address.

>       my proposal is like below:
>       - for IPv6 base specification, leave it as is or have more
>         wording about it (like "whether unspecified address is legal or not
>         is defined in the upper layer protocol")

I would be inclined to just add the MUST NOT FORWARD requirement, and
not say anything more in the IPv6-layer specs.

>       - For TCP and UDP, make it illegal.  this is to keep practice
>         from IPv4 days and prevent possible implementation mistakes
>         (as we inherited TCP and UDP from IPv4).

For TCP, yes, it should be illegal (along with other addresses, like
multicast destination addresses).

>       - for ICMPv6, declare precisely when it is legal and when it is not.
>         For example, "it is allowed only for DAD".

I think that's going too far.  For those ICMP messages that trigger
responses, the response should be stopped by the check for unspecified
destination address (i.e., it is not illegal to receive a packet with
an unspecified source address, but it is illegal to send a packet with
an unspecified destination address).  For other ICMP messages, go ahead
and try to process the packet -- either it will have a useful result or
it will run into some other prohibition.

>       - home address option should obey whatever RFC2460 says.

RFC-2460 doesn't mention the home address option; that option is defined
in the Mobile IPv6 spec.

>       - for forwarding case, I'm not sure.  what is the scope for ::?
>         if it is linklocal or interface local (node local), maybe
>         "beyond scope" icmp6 error.

As I said, forwarding of packets with unspecified source should be
forbidden.  Effectively, that makes them link-local addresses (though
I think of the unspecified address as "the absence of an address"
which therefore has no scope).  No ICMP error message can be sent,
because there is no (legal) address to send it to.

>       - for other protocols, up to other protocol specifications.

Agreed.

Steve

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
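
The receive-side rules proposed in this message, collected into one decision function as an added example (not part of the original message or of any IPv6 stack's code). The `pkt` struct, the verdict names, the `a6` helper and the sample addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>

/* Verdict and field names are hypothetical, chosen for this example. */
enum verdict { DELIVER, DELIVER_NO_REPLY, FORWARD, DROP_SILENT };

struct pkt {                 /* constructed summary of a parsed packet */
    struct in6_addr src, dst;
    uint8_t next_header;     /* IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ICMPV6 */
    bool for_us;             /* dst is an address or group of this node */
    bool wants_reply;        /* e.g. ICMPv6 Echo Request */
    bool has_home;           /* Mobile IPv6 home address option present */
    struct in6_addr home;    /* address carried in that option */
};

static struct in6_addr a6(const char *text)   /* sample-data helper */
{
    struct in6_addr a = IN6ADDR_ANY_INIT;
    inet_pton(AF_INET6, text, &a);
    return a;
}

static enum verdict classify(const struct pkt *p, bool is_router)
{
    bool unspec_src = IN6_IS_ADDR_UNSPECIFIED(&p->src);
    /* Not for us: hosts drop, routers never forward source ::, and no
     * ICMP error is sent because there is no legal address to send it to. */
    if (!p->for_us)
        return (is_router && !unspec_src) ? FORWARD : DROP_SILENT;
    /* A home address option carrying :: is discarded on receipt. */
    if (p->has_home && IN6_IS_ADDR_UNSPECIFIED(&p->home))
        return DROP_SILENT;
    /* TCP rejects source :: and multicast destinations before any
     * control block (SYN_RCVD state) is created. */
    if (p->next_header == IPPROTO_TCP &&
        (unspec_src || IN6_IS_ADDR_MULTICAST(&p->dst)))
        return DROP_SILENT;
    /* UDP, ICMPv6, others: pass up; a reply to :: cannot be sent. */
    return (unspec_src && p->wants_reply) ? DELIVER_NO_REPLY : DELIVER;
}

int main(void)
{   /* constructed TCP SYN with source :: addressed to this node */
    struct pkt syn = { .src = a6("::"), .dst = a6("2001:db8::1"),
                       .next_header = IPPROTO_TCP, .for_us = true };
    return classify(&syn, false) == DROP_SILENT ? 0 : 1;
}
```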
