Date: Mon, 22 Dec 2014 08:59:13 -0800
From: 神明達哉 <jinmei@wide.ad.jp>
To: Ilya Bakulin <ilya@bakulin.de>
Cc: FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: IPv6 fragments handling
Message-ID: <CAJE_bqd49LRxO8rH6cz0h-RCA%2Be8WA_PM6w4WTpjnANHn0rGig@mail.gmail.com>
In-Reply-To: <5495FAE5.8090707@bakulin.de>
References: <5495FAE5.8090707@bakulin.de>
At Sat, 20 Dec 2014 23:40:37 +0100,
Ilya Bakulin <ilya@bakulin.de> wrote:

> But what we do is just silently discarding the overlapping segment, see [2].
> When using PF with fragment reassembly, the behavior changes to what RFC says
> and the packet is completely dropped.
>
> There is no security issue with current behavior, because the already received
> part is never overwritten, but following RFC a bit closer would be nice.
>
> Maybe we should fix the stack to drop such packets?

That would be a nice cleanup (the current implementation you cited
seems to be written way before RFC5722, so it's not surprising it
doesn't follow the latest recommendation).

>
> [1] https://tools.ietf.org/html/rfc5722#section-4
> [2] https://github.com/freebsd/freebsd/blob/master/sys/netinet6/frag6.c#L443

--
JINMEI, Tatuya
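The two behaviours compared in this message, as an added example that is not part of the thread and is not FreeBSD's frag6.c: a simplified byte-range model of one reassembly queue, run once with the legacy policy (discard only the overlapping fragment) and once with the RFC 5722 policy (discard the whole datagram, including fragments that arrive later). All names (frag_offer, struct reasm, the policy and verdict enums) are hypothetical, and treating any intersecting byte range as an overlap is an assumption of the model.

```c
#include <stdio.h>

/* Simplified model of one reassembly queue: byte ranges only, no mbufs. */
#define MAX_FRAGS 16
enum policy  { LEGACY_DISCARD_FRAGMENT, RFC5722_DROP_DATAGRAM };
enum verdict { FRAG_ACCEPTED, FRAG_DISCARDED, DATAGRAM_DROPPED };
struct reasm {
    unsigned start[MAX_FRAGS], end[MAX_FRAGS]; /* half-open [start, end) */
    int n;      /* fragments currently held */
    int dead;   /* set once an overlap has condemned the datagram */
};

/* Offer a fragment covering [off, off + len) to the queue under policy p. */
static enum verdict frag_offer(struct reasm *q, unsigned off, unsigned len, enum policy p)
{
    if (q->dead)
        return DATAGRAM_DROPPED;        /* also drops fragments arriving later */
    for (int i = 0; i < q->n; i++) {
        if (off >= q->end[i] || off + len <= q->start[i])
            continue;                   /* disjoint from this stored fragment */
        if (p == LEGACY_DISCARD_FRAGMENT)
            return FRAG_DISCARDED;      /* stored data is never overwritten */
        q->n = 0;                       /* RFC 5722: discard everything queued */
        q->dead = 1;
        return DATAGRAM_DROPPED;
    }
    if (q->n == MAX_FRAGS)
        return FRAG_DISCARDED;          /* limit of this model, not of the RFC */
    q->start[q->n] = off;
    q->end[q->n] = off + len;
    q->n++;
    return FRAG_ACCEPTED;
}

/* Constructed input: bytes 0-1279, an overlapping 1200-1999, then 1280-1999. */
static int run_sequence(enum policy p)  /* returns fragments left in the queue */
{
    struct reasm q = { .n = 0, .dead = 0 };
    frag_offer(&q, 0, 1280, p);
    frag_offer(&q, 1200, 800, p);       /* overlaps bytes 1200-1279 */
    frag_offer(&q, 1280, 720, p);       /* well-formed tail */
    return q.n;
}

int main(void)
{
    printf("kept: legacy=%d rfc5722=%d\n", run_sequence(LEGACY_DISCARD_FRAGMENT), run_sequence(RFC5722_DROP_DATAGRAM));
    return 0;
}
```

Under the legacy policy the queue still holds both well-formed fragments, so reassembly can complete; under the RFC 5722 policy nothing from that datagram survives.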