Date: Sun, 28 Dec 2014 20:30:49 +0100
From: Ilya Bakulin <ilya@bakulin.de>
To: 神明達哉 <jinmei@wide.ad.jp>
Cc: FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: IPv6 fragments handling
Message-ID: <54A05A69.607@bakulin.de>
In-Reply-To: <CAJE_bqd49LRxO8rH6cz0h-RCA%2Be8WA_PM6w4WTpjnANHn0rGig@mail.gmail.com>
References: <5495FAE5.8090707@bakulin.de> <CAJE_bqd49LRxO8rH6cz0h-RCA%2Be8WA_PM6w4WTpjnANHn0rGig@mail.gmail.com>

On 22.12.14, 17:59, 神明達哉 wrote:
> At Sat, 20 Dec 2014 23:40:37 +0100,
> Ilya Bakulin <ilya@bakulin.de> wrote:
>
>> But what we do is just silently discarding the overlapping segment, see [2].
>> When using PF with fragment reassembly, the behavior changes to what RFC says
>> and the packet is completely dropped.
>>
>> There is no security issue with current behavior, because the already received
>> part is never overwritten, but following RFC a bit closer would be nice.
>>
>> Maybe we should fix the stack to drop such packets?
> That would be a nice cleanup (the current implementation you cited
> seems to be written way before RFC5722, so it's not surprising it
> doesn't follow the latest recommendation).
>> [1] https://tools.ietf.org/html/rfc5722#section-4
>> [2] https://github.com/freebsd/freebsd/blob/master/sys/netinet6/frag6.c#L443
> --
> JINMEI, Tatuya
>

Hi Tatuya,

thank you for your feedback.
I have created a diff [1] that implements the change.

[1] https://reviews.freebsd.org/D1388

-- 
Regards,
Ilya Bakulin
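
The two behaviours discussed in this thread, as an added example that is not part of the original message and is not FreeBSD's code: a minimal model of a reassembly queue that either drops only the overlapping fragment or, as RFC 5722 section 4 requires, discards the whole datagram including fragments that arrive later. The type and function names, the fixed queue size and the sample offsets are assumptions of this example, and an exact duplicate is treated as an overlap.

```c
#include <stdio.h>

#define MAXFRAGS 16

/* All names here are this example's own, not identifiers from frag6.c. */
enum policy { DROP_FRAGMENT, DROP_DATAGRAM };
enum result { QUEUED, FRAG_DROPPED, DATAGRAM_DROPPED };

struct frag { unsigned off, len; };      /* payload byte range, len > 0 */
struct fragq {
    struct frag f[MAXFRAGS];
    unsigned n;
    int dead;   /* set once an overlap was seen under DROP_DATAGRAM */
};

/* Half-open ranges overlap when each one starts before the other ends. */
static int overlaps(const struct frag *a, const struct frag *b)
{
    return a->off < b->off + b->len && b->off < a->off + a->len;
}

enum result fragq_insert(struct fragq *q, unsigned off, unsigned len, enum policy p)
{
    struct frag in = { off, len };
    unsigned i;
    if (q->dead)                 /* later fragments of a discarded datagram */
        return DATAGRAM_DROPPED;
    for (i = 0; i < q->n; i++) {
        if (!overlaps(&q->f[i], &in))
            continue;
        if (p == DROP_FRAGMENT)  /* queued data is kept, never overwritten */
            return FRAG_DROPPED;
        q->n = 0;                /* RFC 5722: discard everything queued */
        q->dead = 1;
        return DATAGRAM_DROPPED;
    }
    if (q->n == MAXFRAGS)
        return FRAG_DROPPED;
    q->f[q->n++] = in;
    return QUEUED;
}

int main(void)
{
    struct fragq q = { .n = 0 };
    fragq_insert(&q, 0, 1280, DROP_DATAGRAM);            /* constructed sample */
    printf("%d\n", fragq_insert(&q, 1272, 8, DROP_DATAGRAM));  /* overlap */
    return 0;
}
```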