From: Ilya Bakulin
Date: Sun, 28 Dec 2014 20:30:49 +0100
To: 神明達哉
Cc: FreeBSD Net
Subject: Re: IPv6 fragments handling
Message-ID: <54A05A69.607@bakulin.de>
References: <5495FAE5.8090707@bakulin.de>
List-Id: Networking and TCP/IP with FreeBSD

On 22.12.14, 17:59, 神明達哉 wrote:
> At Sat, 20 Dec 2014 23:40:37 +0100,
> Ilya Bakulin wrote:
>
>> But what we do is just silently discarding the overlapping segment, see [2].
>> When using PF with fragment reassembly, the behavior changes to what RFC says
>> and the packet is completely dropped.
>>
>> There is no security issue with current behavior, because the already received
>> part is never overwritten, but following RFC a bit closer would be nice.
>>
>> Maybe we should fix the stack to drop such packets?
> That would be a nice cleanup (the current implementation you cited
> seems to be written way before RFC5722, so it's not surprising it
> doesn't follow the latest recommendation).
>> [1] https://tools.ietf.org/html/rfc5722#section-4
>> [2] https://github.com/freebsd/freebsd/blob/master/sys/netinet6/frag6.c#L443
> --
> JINMEI, Tatuya
>

Hi Tatuya,
thank you for your feedback.
I have created a diff [1] that implements the change.

[1] https://reviews.freebsd.org/D1388

--
Regards,
Ilya Bakulin
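
The two behaviours discussed in this thread, modelled side by side as an added example. This is not code from the message, from frag6.c, or from the D1388 diff. The structure names, the `dead` flag and the byte-offset representation are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_FRAGS 16

/* Illustrative per-datagram reassembly state; offsets and lengths are in bytes. */
struct frag { uint16_t off, len; };
struct reasm {
    struct frag f[MAX_FRAGS];
    size_t n;
    bool dead;   /* set once an overlap has condemned the whole datagram */
};

enum policy { SKIP_OVERLAP, RFC5722_DROP_ALL };
enum verdict { ACCEPTED, FRAG_DISCARDED, DATAGRAM_DROPPED };

/* Half-open ranges [off, off+len) overlap iff each starts before the other ends. */
static bool overlaps(const struct frag *a, uint16_t off, uint16_t len)
{
    return (uint32_t)off < (uint32_t)a->off + a->len &&
           (uint32_t)a->off < (uint32_t)off + len;
}

enum verdict frag_input(struct reasm *q, enum policy p, uint16_t off, uint16_t len)
{
    if (q->dead)
        return DATAGRAM_DROPPED;      /* fragments arriving later are dropped too */
    for (size_t i = 0; i < q->n; i++) {
        if (!overlaps(&q->f[i], off, len))
            continue;
        if (p == SKIP_OVERLAP)
            return FRAG_DISCARDED;    /* already queued data is never overwritten */
        q->n = 0;                     /* RFC 5722: discard everything received so far */
        q->dead = true;
        return DATAGRAM_DROPPED;
    }
    if (q->n == MAX_FRAGS)
        return FRAG_DISCARDED;        /* bounded queue: refuse rather than grow */
    q->f[q->n++] = (struct frag){ off, len };
    return ACCEPTED;
}

int main(void)
{
    struct reasm q = {0};   /* constructed input: second fragment overlaps by 8 bytes */
    frag_input(&q, RFC5722_DROP_ALL, 0, 1280);
    return frag_input(&q, RFC5722_DROP_ALL, 1272, 512) == DATAGRAM_DROPPED ? 0 : 1;
}
```

Under `SKIP_OVERLAP` the queue survives and a later non-overlapping fragment can still complete the datagram; under `RFC5722_DROP_ALL` a single overlap ends reassembly for that datagram.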