IPv6 fragments handling

Ilya Bakulin ilya at bakulin.de
Sun Dec 28 19:30:52 UTC 2014


On 22.12.14, 17:59, 神明達哉 wrote:
> At Sat, 20 Dec 2014 23:40:37 +0100,
> Ilya Bakulin <ilya at bakulin.de> wrote:
>
>> But what we do is just silently discarding the overlapping segment, see [2].
>> When using PF with fragment reassembly, the behavior changes to what RFC says
>> and the packet is completely dropped.
>>
>> There is no security issue with current behavior, because the already received
>> part is never overwritten, but following RFC a bit closer would be nice.
>>
>> Maybe we should fix the stack to drop such packets?
> That would be a nice cleanup (the current implementation you cited
> seems to be written way before RFC5722, so it's not surprising it
> doesn't follow the latest recommendation).
>> [1] https://tools.ietf.org/html/rfc5722#section-4
>> [2] https://github.com/freebsd/freebsd/blob/master/sys/netinet6/frag6.c#L443
> --
> JINMEI, Tatuya
>
Hi Tatuya,
thank you for your feedback. I have created a diff [1] that implements
the change.

[1] https://reviews.freebsd.org/D1388

-- 
Regards,
Ilya Bakulin
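
The two overlap policies discussed in this thread, side by side, as an added example that is not part of the original message and is not the frag6.c code. All names (`reasm_queue`, `frag_insert`, the `strict` flag) are hypothetical, and the fragment sizes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not the frag6.c data structure. */
#define MAX_FRAGS 16
enum frag_result { FRAG_QUEUED, FRAG_DROPPED, FRAG_DATAGRAM_DROPPED };
struct frag { uint32_t off, len; };   /* payload byte range [off, off+len) */
struct reasm_queue {                  /* one per (src, dst, fragment id) */
    struct frag frags[MAX_FRAGS];
    size_t n;
    int discard;                      /* overlap seen: reject later fragments */
};

static int overlaps(const struct frag *a, const struct frag *b)
{
    return a->off < b->off + b->len && b->off < a->off + a->len;
}

/* strict == 0: drop only the overlapping fragment (behaviour described above).
 * strict == 1: RFC 5722 section 4, discard the whole datagram, including
 * fragments already queued and those not yet received.
 * Simplification: an exact duplicate counts as an overlap here. */
enum frag_result frag_insert(struct reasm_queue *q, struct frag f, int strict)
{
    if (q->discard)
        return FRAG_DATAGRAM_DROPPED;
    for (size_t i = 0; i < q->n; i++) {
        if (!overlaps(&q->frags[i], &f))
            continue;
        if (!strict)
            return FRAG_DROPPED;      /* queued data is never overwritten */
        q->n = 0;                     /* release everything received so far */
        q->discard = 1;
        return FRAG_DATAGRAM_DROPPED;
    }
    if (q->n == MAX_FRAGS)
        return FRAG_DROPPED;
    q->frags[q->n++] = f;
    return FRAG_QUEUED;
}

int main(void)
{
    struct reasm_queue q = {0};
    struct frag first = {0, 1280}, overlap = {1272, 104};  /* constructed input */
    frag_insert(&q, first, 1);
    int r = (int)frag_insert(&q, overlap, 1);
    printf("overlap -> %d, queued fragments: %zu\n", r, q.n);
    return 0;
}
```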



