| Internet-Draft | icmp-eh-len | August 2025 |
| Bonica, et al. | Expires 15 February 2026 | [Page] |
The ICMP Extension Structure (RFC4884) does not have a length field. Therefore, unless the length of the Extension Structure can be inferred from other data in the ICMP message, the Extension Structure must be the last item in the ICMP message.¶
This document updates RFC 4884 to define a length field for the ICMP Extension Structure. When length information is provided, receivers can use it to parse ICMP messages. Specifically, receivers can use length information to determine the offset at which the item after the ICMP Extension Structure begins.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 15 February 2026.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The ICMP Extension Structure [RFC4884] does not have a length field. This means it is expected to be the last element of an ICMP message. However, there are cases where additional fields need to be inserted after the ICMP Extension Structure.¶
For example, [I-D.ietf-intarea-rfc8335bis] enhances the PROBE utility by adding a new field to ICMP Extended Echo and ICMP Extended Echo Reply messages. To maintain compatibility with existing PROBE implementations, this new field is placed after the ICMP Extension Structure.¶
Because the ICMP Extension Structure does not have a length field, [I-D.ietf-intarea-rfc8335bis] requires implementations to determine the length of the extension structure from the known message format and the assumption that these packets contain only a single ICMP Extension Object.¶
This special handling for PROBE packets is not ideal. For future use, a mechanism to explicitly specify the extension structure length would be beneficial.¶
This document adds a length field to the ICMP Extension Header. It does not define data items that might follow the ICMP Extension Structure.¶
The specifications of this document apply to all ICMP Extension Structures, regardless of whether they appear in ICMPv4 [RFC0792] or ICMPv6 [RFC4443] messages.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
An ICMP Extension Structure contains exactly one Extension Header followed by one or more objects. The Extension Header format is defined in Section 7 of [RFC4884]. This document modifies the Extension Header format by allocating the lower 8 bits of the reserved field for a new length field. Figure 1 depicts the updated Extension Header format.¶
Version: 4 bits.¶
Reserved (Rsvd): 4 bits¶
MUST be set to 0 by the sender and MUST be ignored by the receiver.¶
Length: 8 bits¶
This field represents the length of the ICMP Extension Structure, including all options and optional padding, but excluding the ICMP Extension Header. The length is measured in 4-byte words. Legacy implementations set this field to 0 as per section 7 of [RFC4884]. Therefore, implementation SHOULD NOT drop packets if this field is set to 0.¶
Checksum: 16 bits¶
As per [RFC4884], the checksum is the one's complement of the one's complement sum of the data structure, with the checksum field replaced by zero for the purpose of computing the checksum. An all-zero value means that no checksum was transmitted. See Section 5.2 of [RFC4884] for a description of how this field is used.¶
The ICMP Extension Structure MUST be zero-padded so that it ends on a 4-byte boundary. If it does not end on a 4-byte boundary, the receiving node will parse the ICMP message incorrectly and may discard it.¶
The receiver MUST silently discard an ICMP message in the following cases:¶
The length field in the ICMP Extension Header indicates that the ICMP Extension Structure is too large to fit in the ICMP message.¶
The length field in the final ICMP Extension Object indicates that the final ICMP Extension Object is too large to fit in the ICMP Extension Structure.¶
The final three bytes of the ICMP Extension Structure are neither padding (i.e., zeros) nor part of a well-formed ICMP Extension Object.¶
Legacy implementations that do not support the mechanism defined in this document set the length field to zero when sending a packet and ignore the length field in received ICMP messages.¶
Such implementations require one of the following:¶
The ICMP Extension Structure is final item in the ICMP packet.¶
The length of the ICMP Extension Structure can be inferred from other fields in the packet (e.g., [I-D.ietf-intarea-rfc8335bis].¶
Currently, no mechanisms rely on the ICMP extension structure length field. Should such mechanisms be defined in the future, backward compatibility with legacy implementations should be discussed for each case.¶
In Section 7 of [RFC4884], an ICMP Extension Header contains a 12-bit reserved field.¶
Section 3 of this document allocates the lower 8 bits of that field for a new length field. Figure 1 provides a diagram of the updated ICMP Extension header.¶
[RFC4884] offered no advice regarding the processing of malformed ICMP Extension Headers.¶
Section 3 of this document offers the following advice:¶
The receiver MUST silently discard an ICMP message in the following cases:¶
The length field in the ICMP Extension Header indicates that the ICMP Extension Structure is too large to fit in the ICMP message.¶
The length field in the final ICMP Extension Object indicates that the final ICMP Extension Object is too large to fit in the ICMP Extension Structure.¶
The final three bytes of the ICMP Extension Structure are neither padding (i.e., zeros) nor part of a well-formed ICMP Extension Object.¶
In [RFC4884], the ICMP Extension Structure was not required to end on a 4-byte boundary.¶
Section 3 of this document adds the following requirement:¶
The ICMP Extension Structure MUST be zero-padded so that it ends on a 4-byte boundary. If it does not end on a 4-byte boundary, the receiving node will parse the ICMP message incorrectly and may discard it.¶
This document requires no IANA actions.¶
This document introduces no security vulnerabilities. However, it does inherit security considerations from [RFC4884].¶
Thanks to Tom Herbert, Jen Linkova, Erik Vynke and Michael Welzl for their review and helpful suggestions.¶