📄 rfc4443-icmpv6(2006).txt
字号:
Description
If an IPv6 node processing a packet finds a problem with a field in
the IPv6 header or extension headers such that it cannot complete
processing the packet, it MUST discard the packet and SHOULD
originate an ICMPv6 Parameter Problem message to the packet's source,
indicating the type and location of the problem.
Conta, et al. Standards Track [Page 12]
RFC 4443 ICMPv6 (ICMP for IPv6) March 2006
Codes 1 and 2 are more informative subsets of Code 0.
The pointer identifies the octet of the original packet's header
where the error was detected. For example, an ICMPv6 message with a
Type field of 4, Code field of 1, and Pointer field of 40 would
indicate that the IPv6 extension header following the IPv6 header of
the original packet holds an unrecognized Next Header field value.
Upper Layer Notification
A node receiving this ICMPv6 message MUST notify the upper-layer
process if the relevant process can be identified (see Section 2.4,
(d)).
4. ICMPv6 Informational Messages
4.1. Echo Request Message
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ...
+-+-+-+-+-
IPv6 Fields:
Destination Address
Any legal IPv6 address.
ICMPv6 Fields:
Type 128
Code 0
Identifier An identifier to aid in matching Echo Replies
to this Echo Request. May be zero.
Conta, et al. Standards Track [Page 13]
RFC 4443 ICMPv6 (ICMP for IPv6) March 2006
Sequence Number
A sequence number to aid in matching Echo Replies
to this Echo Request. May be zero.
Data Zero or more octets of arbitrary data.
Description
Every node MUST implement an ICMPv6 Echo responder function that
receives Echo Requests and originates corresponding Echo Replies. A
node SHOULD also implement an application-layer interface for
originating Echo Requests and receiving Echo Replies, for diagnostic
purposes.
Upper Layer Notification
Echo Request messages MAY be passed to processes receiving ICMP
messages.
4.2. Echo Reply Message
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ...
+-+-+-+-+-
IPv6 Fields:
Destination Address
Copied from the Source Address field of the invoking
Echo Request packet.
ICMPv6 Fields:
Type 129
Code 0
Identifier The identifier from the invoking Echo Request message.
Conta, et al. Standards Track [Page 14]
RFC 4443 ICMPv6 (ICMP for IPv6) March 2006
Sequence Number
The sequence number from the invoking Echo Request
message.
Data The data from the invoking Echo Request message.
Description
Every node MUST implement an ICMPv6 Echo responder function that
receives Echo Requests and originates corresponding Echo Replies. A
node SHOULD also implement an application-layer interface for
originating Echo Requests and receiving Echo Replies, for diagnostic
purposes.
The source address of an Echo Reply sent in response to a unicast
Echo Request message MUST be the same as the destination address of
that Echo Request message.
An Echo Reply SHOULD be sent in response to an Echo Request message
sent to an IPv6 multicast or anycast address. In this case, the
source address of the reply MUST be a unicast address belonging to
the interface on which the Echo Request message was received.
The data received in the ICMPv6 Echo Request message MUST be returned
entirely and unmodified in the ICMPv6 Echo Reply message.
Upper Layer Notification
Echo Reply messages MUST be passed to the process that originated an
Echo Request message. An Echo Reply message MAY be passed to
processes that did not originate the Echo Request message.
Note that there is no limitation on the amount of data that can be
put in Echo Request and Echo Reply Messages.
5. Security Considerations
5.1. Authentication and Confidentiality of ICMP Messages
ICMP protocol packet exchanges can be authenticated using the IP
Authentication Header [IPv6-AUTH] or IP Encapsulating Security
Payload Header [IPv6-ESP]. Confidentiality for the ICMP protocol
packet exchanges can be achieved using the IP Encapsulating Security
Payload Header [IPv6-ESP].
[SEC-ARCH] describes the IPsec handling of ICMP traffic in detail.
Conta, et al. Standards Track [Page 15]
RFC 4443 ICMPv6 (ICMP for IPv6) March 2006
5.2. ICMP Attacks
ICMP messages may be subject to various attacks. A complete
discussion can be found in the IP Security Architecture [IPv6-SA]. A
brief discussion of these attacks and their prevention follows:
1. ICMP messages may be subject to actions intended to cause the
receiver to believe the message came from a different source from
that of the message originator. The protection against this
attack can be achieved by applying the IPv6 Authentication
mechanism [IPv6-AUTH] to the ICMP message.
2. ICMP messages may be subject to actions intended to cause the
message or the reply to it to go to a destination different from
that of the message originator's intention. The protection
against this attack can be achieved by using the Authentication
Header [IPv6-AUTH] or the Encapsulating Security Payload Header
[IPv6-ESP]. The Authentication Header provides the protection
against change for the source and the destination address of the
IP packet. The Encapsulating Security Payload Header does not
provide this protection, but the ICMP checksum calculation
includes the source and the destination addresses, and the
Encapsulating Security Payload Header protects the checksum.
Therefore, the combination of ICMP checksum and the Encapsulating
Security Payload Header provides protection against this attack.
The protection provided by the Encapsulating Security Payload
Header will not be as strong as the protection provided by the
Authentication Header.
3. ICMP messages may be subject to changes in the message fields, or
payload. The authentication [IPv6-AUTH] or encryption [IPv6-ESP]
of the ICMP message protects against such actions.
4. ICMP messages may be used to attempt denial-of-service attacks by
sending back to back erroneous IP packets. An implementation that
correctly followed Section 2.4, paragraph (f), of this
specification, would be protected by the ICMP error rate limiting
mechanism.
5. The exception number 2 of rule e.3 in Section 2.4 gives a
malicious node the opportunity to cause a denial-of-service attack
to a multicast source. A malicious node can send a multicast
packet with an unknown destination option marked as mandatory,
with the IPv6 source address of a valid multicast source. A large
number of destination nodes will send an ICMP Parameter Problem
Message to the multicast source, causing a denial-of-service
attack. The way multicast traffic is forwarded by the multicast
routers requires that the malicious node be part of the correct
Conta, et al. Standards Track [Page 16]
RFC 4443 ICMPv6 (ICMP for IPv6) March 2006
multicast path, i.e., near to the multicast source. This attack
can only be avoided by securing the multicast traffic. The
multicast source should be careful while sending multicast traffic
with the destination options marked as mandatory, because they can
cause a denial-of-service attack to themselves if the destination
option is unknown to a large number of destinations.
6. As the ICMP messages are passed to the upper-layer processes, it
is possible to perform attacks on the upper layer protocols (e.g.,
TCP) with ICMP [TCP-attack]. It is recommended that the upper
layers perform some form of validation of ICMP messages (using the
information contained in the payload of the ICMP message) before
acting upon them. The actual validation checks are specific to
the upper layers and are out of the scope of this specification.
Protecting the upper layer with IPsec mitigates these attacks.
ICMP error messages signal network error conditions that were
encountered while processing an internet datagram. Depending on
the particular scenario, the error conditions being reported might
or might not get solved in the near term. Therefore, reaction to
ICMP error messages may depend not only on the error type and code
but also on other factors, such as the time at which the error
messages are received, previous knowledge of the network error
conditions being reported, and knowledge of the network scenario
in which the receiving host is operating.
6. IANA Considerations
6.1. Procedure for New ICMPV6 Type and Code Value Assignments
The IPv6 ICMP header defined in this document contains the following
fields that carry values assigned from IANA-managed name spaces: Type
and Code. Code field values are defined relative to a specific Type
value.
Values for the IPv6 ICMP Type fields are allocated using the
following procedure:
1. The IANA should allocate and permanently register new ICMPv6 type
codes from IETF RFC publication. This is for all RFC types,
including standards track, informational, and experimental status,
that originate from the IETF and have been approved by the IESG
for publication.
2. IETF working groups with working group consensus and area director
approval can request reclaimable ICMPV6 type code assignments from
the IANA. The IANA will tag the values as "reclaimable in
future".
Conta, et al. Standards Track [Page 17]
RFC 4443 ICMPv6 (ICMP for IPv6) March 2006
The "reclaimable in the future" tag will be removed when an RFC is
published that documents the protocol as defined in 1. This will
make the assignment permanent and update the reference on the IANA
web pages.
At the point where the ICMPv6 type values are 85% assigned, the
IETF will review the assignments tagged "reclaimable in the
future" and inform the IANA which ones should be reclaimed and
reassigned.
3. Requests for new ICMPv6 type value assignments from outside the
IETF are only made through the publication of an IETF document,
per 1 above. Note also that documents published as "RFC Editor
contributions" [RFC-3978] are not considered IETF documents.
The assignment of new Code values for the Type values defined in this
document require standards action or IESG approval. The policy for
assigning Code values for new IPv6 ICMP Types not defined in this
document should be defined in the document defining the new Type
values.
6.2. Assignments for This Document
The following has updated assignments located at:
http://www.iana.org/assignments/icmpv6-parameters
The IANA has reassigned ICMPv6 type 1 "Destination Unreachable" code
2, which was unassigned in [RFC-2463], to:
2 - Beyond scope of source address
The IANA has assigned the following two new codes values for ICMPv6
type 1 "Destination⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -