summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc6564.txt
diff options
context:
space:
mode:
authorThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
committerThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
commit4bfd864f10b68b71482b35c818559068ef8d5797 (patch)
treee3989f47a7994642eb325063d46e8f08ffa681dc /doc/rfc/rfc6564.txt
parentea76e11061bda059ae9f9ad130a9895cc85607db (diff)
doc: Add RFC documents
Diffstat (limited to 'doc/rfc/rfc6564.txt')
-rw-r--r--doc/rfc/rfc6564.txt339
1 files changed, 339 insertions, 0 deletions
diff --git a/doc/rfc/rfc6564.txt b/doc/rfc/rfc6564.txt
new file mode 100644
index 0000000..7ebe87c
--- /dev/null
+++ b/doc/rfc/rfc6564.txt
@@ -0,0 +1,339 @@
+
+
+
+
+
+
+Internet Engineering Task Force (IETF) S. Krishnan
+Request for Comments: 6564 Ericsson
+Updates: 2460 J. Woodyatt
+Category: Standards Track Apple
+ISSN: 2070-1721 E. Kline
+ Google
+ J. Hoagland
+ Symantec
+ M. Bhatia
+ Alcatel-Lucent
+ April 2012
+
+
+ A Uniform Format for IPv6 Extension Headers
+
+Abstract
+
+ In IPv6, optional internet-layer information is encoded in separate
+ headers that may be placed between the IPv6 header and the transport-
+ layer header. There are a small number of such extension headers
+ currently defined. This document describes the issues that can arise
+ when defining new extension headers and discusses the alternate
+ extension mechanisms in IPv6. It also provides a common format for
+ defining any new IPv6 extension headers, if they are needed.
+
+Status of This Memo
+
+ This is an Internet Standards Track document.
+
+ This document is a product of the Internet Engineering Task Force
+ (IETF). It represents the consensus of the IETF community. It has
+ received public review and has been approved for publication by the
+ Internet Engineering Steering Group (IESG). Further information on
+ Internet Standards is available in Section 2 of RFC 5741.
+
+ Information about the current status of this document, any errata,
+ and how to provide feedback on it may be obtained at
+ http://www.rfc-editor.org/info/rfc6564.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Krishnan, et al. Standards Track [Page 1]
+
+RFC 6564 Format for IPv6 Extension Headers April 2012
+
+
+Copyright Notice
+
+ Copyright (c) 2012 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info) in effect on the date of
+ publication of this document. Please review these documents
+ carefully, as they describe your rights and restrictions with respect
+ to this document. Code Components extracted from this document must
+ include Simplified BSD License text as described in Section 4.e of
+ the Trust Legal Provisions and are provided without warranty as
+ described in the Simplified BSD License.
+
+Table of Contents
+
+ 1. Introduction ....................................................2
+ 2. Conventions Used in This Document ...............................3
+ 3. Applicability ...................................................3
+ 4. Proposed IPv6 Extension Header Format ...........................4
+ 5. Backward Compatibility ..........................................4
+ 6. Future Work .....................................................5
+ 7. Security Considerations .........................................5
+ 8. Acknowledgements ................................................5
+ 9. Normative References ............................................5
+
+1. Introduction
+
+ The base IPv6 standard [RFC2460] defines extension headers as an
+ expansion mechanism to carry optional internet-layer information.
+ Extension headers, with the exception of the Hop-by-Hop Options
+ header, are not usually processed on intermediate nodes. However,
+ several existing deployed IPv6 routers and several existing deployed
+ IPv6 firewalls, in contradiction to [RFC2460], are capable of parsing
+ past or ignoring all currently defined IPv6 extension headers (e.g.,
+ to examine transport-layer header fields) at wire speed (e.g., by
+ using custom Application-specific Integrated Circuits (ASICs) for
+ packet processing). Hence, one must also consider that any new IPv6
+ extension header will break IPv6 deployments that use these existing
+ capabilities.
+
+ Any IPv6 header or option that has hop-by-hop behavior, and is
+ intended for general use in the public IPv6 Internet, could be
+ subverted to create an attack on IPv6 routers that process packets
+ containing such a header or option. Reports from the field indicate
+ that some IP routers deployed within the global Internet are
+ configured either to ignore the presence of headers with hop-by-hop
+
+
+
+Krishnan, et al. Standards Track [Page 2]
+
+RFC 6564 Format for IPv6 Extension Headers April 2012
+
+
+ behavior or to drop packets containing headers with hop-by-hop
+ behavior.
+
+2. Conventions Used in This Document
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [RFC2119].
+
+3. Applicability
+
+ The base IPv6 standard [RFC2460] allows the use of both extension
+ headers and destination options in order to encode optional
+ destination information in an IPv6 packet. The use of destination
+ options to encode this information provides more flexible handling
+ characteristics and better backward compatibility than using
+ extension headers. Because of this, implementations SHOULD use
+ destination options as the preferred mechanism for encoding optional
+ destination information, and use a new extension header only if
+ destination options do not satisfy their needs. The request for
+ creation of a new IPv6 extension header MUST be accompanied by a
+ specific explanation of why destination options could not be used to
+ convey this information.
+
+ The base IPv6 standard [RFC2460] defines 3 extension headers (i.e.,
+ Routing header, Destination Options header, Hop-by-Hop Options
+ header) to be used for any new IPv6 options. The same standard only
+ allows the creation of new extension headers in limited circumstances
+ ([RFC2460], Section 4.6).
+
+ As noted above, the use of any option with hop-by-hop behavior can be
+ problematic in the global public Internet. New IPv6 extension
+ header(s) having hop-by-hop behavior MUST NOT be created or
+ specified. New options for the existing Hop-by-Hop Header SHOULD NOT
+ be created or specified unless no alternative solution is feasible.
+ Any proposal to create a new option for the existing Hop-by-Hop
+ Header MUST include a detailed explanation of why the hop-by-hop
+ behavior is absolutely essential in the document proposing the new
+ option with hop-by-hop behavior.
+
+ The use of IPv6 Destination Options to encode information provides
+ more flexible handling characteristics and better backward
+ compatibility than using a new extension header. Because of this,
+ new optional information to be sent SHOULD be encoded in a new option
+ for the existing IPv6 Destination Options header.
+
+
+
+
+
+
+Krishnan, et al. Standards Track [Page 3]
+
+RFC 6564 Format for IPv6 Extension Headers April 2012
+
+
+ Mindful of the need for compatibility with existing IPv6 deployments,
+ new IPv6 extension headers MUST NOT be created or specified, unless
+ no existing IPv6 extension header can be used by specifying a new
+ option for that existing IPv6 extension header. Any proposal to
+ create or specify a new IPv6 extension header MUST include a detailed
+ technical explanation of why no existing IPv6 extension header can be
+ used in the document proposing the new IPv6 extension header.
+
+4. Proposed IPv6 Extension Header Format
+
+ Any IPv6 extension headers defined in the future, keeping in mind the
+ restrictions specified in Section 3 and also the restrictions
+ specified in [RFC2460], MUST use the consistent format defined in
+ Figure 1. This minimizes breakage in intermediate nodes that examine
+ these extension headers.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Next Header | Hdr Ext Len | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
+ | |
+ . .
+ . Header Specific Data .
+ . .
+ | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Next Header 8-bit selector. Identifies the type of header
+ immediately following the extension header.
+ Uses the same values as the IPv4 Protocol field
+ [IANA_IP_PARAM].
+
+ Hdr Ext Len 8-bit unsigned integer. Length of the extension
+ header in 8-octet units, not including the first
+ 8 octets.
+
+ Header Specific Variable length. Fields specific to the
+ Data extension header.
+
+ Figure 1: Extension Header Layout
+
+5. Backward Compatibility
+
+ The scheme proposed in this document is not intended to be backward
+ compatible with all the currently defined IPv6 extension headers. It
+ applies only to newly defined extension headers. Specifically, the
+
+
+
+
+Krishnan, et al. Standards Track [Page 4]
+
+RFC 6564 Format for IPv6 Extension Headers April 2012
+
+
+ fragment header predates this document and does not follow the format
+ proposed in this document.
+
+6. Future Work
+
+ This document proposes one step in easing the inspection of extension
+ headers by middleboxes. There is further work required in this area.
+ Some issues that are left unresolved beyond this document include:
+
+ o There can be an arbitrary number of extension headers.
+
+ o Extension headers must be processed in the order they appear.
+
+ o Extension headers may alter the processing of the payload itself,
+ and hence the packet may not be processed properly without
+ knowledge of said header.
+
+7. Security Considerations
+
+ This document proposes a standard format for the IPv6 extension
+ headers that minimizes breakage at intermediate nodes that inspect
+ but do not understand the contents of these headers. Intermediate
+ nodes, such as firewalls, that skip over unknown headers might end up
+ allowing the setup of a covert channel from the outside of the
+ firewall to the inside using the data field(s) of the unknown
+ extension headers.
+
+8. Acknowledgements
+
+ The authors would like to thank Albert Manfredi, Bob Hinden, Brian
+ Carpenter, Erik Nordmark, Hemant Singh, Lars Westberg, Markku Savela,
+ Tatuya Jinmei, Thomas Narten, Vishwas Manral, Alfred Hoenes, Joel
+ Halpern, Ran Atkinson, Steven Blake, Jari Arkko, Kathleen Moriarty,
+ Stephen Farrell, Ralph Droms, Sean Turner, and Adrian Farrel for
+ their reviews and suggestions that made this document better.
+
+9. Normative References
+
+ [IANA_IP_PARAM] IANA, "IP Parameters",
+ <http://www.iana.org/assignments/ip-parameters>.
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC2460] Deering, S. and R. Hinden, "Internet Protocol,
+ Version 6 (IPv6) Specification", RFC 2460, December
+ 1998.
+
+
+
+
+Krishnan, et al. Standards Track [Page 5]
+
+RFC 6564 Format for IPv6 Extension Headers April 2012
+
+
+Authors' Addresses
+
+ Suresh Krishnan
+ Ericsson
+ 8400 Decarie Blvd.
+ Town of Mount Royal, QC
+ Canada
+ Phone: +1 514 345 7900 x42871
+ EMail: suresh.krishnan@ericsson.com
+
+
+ James Woodyatt
+ Apple Inc.
+ 1 Infinite Loop
+ Cupertino, CA 95014
+ US
+ EMail: jhw@apple.com
+
+
+ Erik Kline
+ Google
+ Mori Tower 26F
+ Roppongi 6-10-1
+ Minato ku
+ Tokyo 106-6126
+ Japan
+ Phone: +81 3-6384-9635
+ EMail: ek@google.com
+
+
+ James Hoagland
+ Symantec Corporation
+ 350 Ellis St.
+ Mountain View, CA 94043
+ US
+ EMail: Jim_Hoagland@symantec.com
+ URI: http://symantec.com/
+
+
+ Manav Bhatia
+ Alcatel-Lucent
+ Bangalore
+ India
+ EMail: manav.bhatia@alcatel-lucent.com
+
+
+
+
+
+
+
+Krishnan, et al. Standards Track [Page 6]
+