Wrong Next Header field in compressed IPv6 extension headers
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
rohc | Status tracked in Rohc-main | |||||
1.2.x |
Won't Fix
|
Medium
|
Didier Barvaux | |||
1.3.x |
Won't Fix
|
Medium
|
Didier Barvaux | |||
Rohc-main |
Fix Released
|
Medium
|
Didier Barvaux |
Bug Description
test case: ipv6ext/udp (btw: this is a RTP stream)
The handling of the next header field needs correction.
See rfc 3095 p. 112:
5.8.4.1. Next Header field
...
All communicated uncompressed extension header items indicate their
own type in their Next Header field.
The next header field value has to be replaced by the value of its own type.
In this test case there is a hop-by-hop option and destination option.
This is the first rohc IR packet:
fd 02 ad 60 00 00 11 20
01 06 60 66 02 01 02 00
00 00 00 00 00 00 01 20
01 06 60 66 02 01 04 00
00 00 00 00 00 00 01 04
02 13 88 00 80 22 01 89
>>hop-by-hop<<
3c(00) 04 01 24 64 64 71 73
6b 6c 71 6b 6e 73 64 6b
6c 71 6e 2c 64 6c 71 73
64 6e 2c 71 6b 6c 73 64
6e 2c 71 64 66 6c 73 64
>>destination<<
11(3c) 04 01 24 64 64 71 73
6b 6c 71 6b 6e 73 64 6b
6c 71 6e 2c 64 6c 71 73
64 6e 2c 71 6b 6c 73 64
6e 2c 71 64 66 6c 73 64
11 c5 00 01
The very first 0x3c is the next header value
for destination option and has to be
replaced by 0, the protocol value of
hop-by-hop option 0x00. And the 0x11 is the value
of the next header in chain UDP and has to
be replaced by a 0x3c to indicate that is a
IPv6 destination header.
The UDP next header value 0x11 is transmitted
correctly in the Protocol field of the static part.
See 5.7.7.3. Initialization of IPv6 Header [IPv6]
...
Note: The Next Header field indicates the type of the following
header in the static chain, rather than being a copy of the Next
Header field of the original IPv6 header. See also section 5.7.7.8.
regards, Klaus
summary: |
- IPv6 extension header handling wrong + Wrong Next Header field in compressed IPv6 extension headers |
tags: | added: conformance ipv6 library |
to fix: c_generic.c, near line 1447, 1619, 1940:
Replace:
length = elt->item->length;
for(j = 0; j<length; j++)
with:
length = elt->item->length; >item-> type;
dest[counter] = (unsigned char)elt-
counter ++;
for(j = 1; j<length; j++)
regards, Klaus