Date: Sat, 20 Dec 2014 23:40:37 +0100 From: Ilya Bakulin <ilya@bakulin.de> To: freebsd-net@freebsd.org Subject: IPv6 fragments handling Message-ID: <5495FAE5.8090707@bakulin.de>
next in thread | raw e-mail | index | archive | help
Hi list, I've been running OpenBSD IPv6 fragmentation tests (regress/sys/netinet6/frag6) and noticed that FreeBSD doesn't drop the IPv6 packet if it receives a fragment that partially overlaps with already received data. The test that fails is frag6_overhead0.py, but also frag6_overhead.py. There is an RFC-5722 that explicitly tells to discard such packets [1]: ------------------------------------------------ 4. Node Behavior IPv6 nodes transmitting datagrams that need to be fragmented MUST NOT create overlapping fragments. When reassembling an IPv6 datagram, if one or more its constituent fragments is determined to be an overlapping fragment, the entire datagram (and any constituent fragments, including those not yet received) MUST be silently discarded. Nodes MAY also provide mechanisms to track the reception of such packets, for instance, by implementing counters or alarms relating to these events. ------------------------------------------------ But what we do is just silently discarding the overlapping segment, see [2]. When using PF with fragment reassembly, the behavior changes to what RFC says and the packet is completely dropped. There is no security issue with current behavior, because the already received part is never overwritten, but following RFC a bit closer would be nice. Maybe we should fix the stack to drop such packets? [1] https://tools.ietf.org/html/rfc5722#section-4 [2] https://github.com/freebsd/freebsd/blob/master/sys/netinet6/frag6.c#L443
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5495FAE5.8090707>