IPv6 fragments handling
神明達哉
jinmei at wide.ad.jp
Mon Dec 22 16:59:15 UTC 2014
At Sat, 20 Dec 2014 23:40:37 +0100,
Ilya Bakulin <ilya at bakulin.de> wrote:
> But what we do is just silently discarding the overlapping segment, see [2].
> When using PF with fragment reassembly, the behavior changes to what RFC
> says
> and the packet is completely dropped.
>
> There is no security issue with current behavior, because the already
> received
> part is never overwritten, but following RFC a bit closer would be nice.
>
> Maybe we should fix the stack to drop such packets?
That would be a nice cleanup (the current implementation you cited
seems to be written way before RFC5722, so it's not surprising it
doesn't follow the latest recommendation).
>
> [1] https://tools.ietf.org/html/rfc5722#section-4
> [2] https://github.com/freebsd/freebsd/blob/master/sys/netinet6/frag6.c#L443
--
JINMEI, Tatuya
More information about the freebsd-net
mailing list