Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 20 Dec 2014 23:40:37 +0100
From:      Ilya Bakulin <ilya@bakulin.de>
To:        freebsd-net@freebsd.org
Subject:   IPv6 fragments handling
Message-ID:  <5495FAE5.8090707@bakulin.de>

next in thread | raw e-mail | index | archive | help
Hi list,

I've been running OpenBSD IPv6 fragmentation tests
(regress/sys/netinet6/frag6)
and noticed that FreeBSD doesn't drop the IPv6 packet if it receives a
fragment
that partially overlaps with already received data.

The test that fails is frag6_overhead0.py, but also frag6_overhead.py.

There is an RFC-5722 that explicitly tells to discard such packets [1]:

------------------------------------------------
4. Node Behavior


   IPv6 nodes transmitting datagrams that need to be fragmented MUST NOT
   create overlapping fragments.  When reassembling an IPv6 datagram, if
   one or more its constituent fragments is determined to be an
   overlapping fragment, the entire datagram (and any constituent
   fragments, including those not yet received) MUST be silently
   discarded.

   Nodes MAY also provide mechanisms to track the reception of such
   packets, for instance, by implementing counters or alarms relating to
   these events.
------------------------------------------------

But what we do is just silently discarding the overlapping segment, see [2].
When using PF with fragment reassembly, the behavior changes to what RFC
says
and the packet is completely dropped.

There is no security issue with current behavior, because the already
received
part is never overwritten, but following RFC a bit closer would be nice.

Maybe we should fix the stack to drop such packets?

[1] https://tools.ietf.org/html/rfc5722#section-4
[2] https://github.com/freebsd/freebsd/blob/master/sys/netinet6/frag6.c#L443



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5495FAE5.8090707>