IPv6 fragments handling
Ilya Bakulin
ilya at bakulin.de
Sat Dec 20 22:40:40 UTC 2014
Hi list,
I've been running OpenBSD IPv6 fragmentation tests
(regress/sys/netinet6/frag6)
and noticed that FreeBSD doesn't drop the IPv6 packet if it receives a
fragment
that partially overlaps with already received data.
The test that fails is frag6_overhead0.py, but also frag6_overhead.py.
There is an RFC-5722 that explicitly tells to discard such packets [1]:
------------------------------------------------
4. Node Behavior
IPv6 nodes transmitting datagrams that need to be fragmented MUST NOT
create overlapping fragments. When reassembling an IPv6 datagram, if
one or more its constituent fragments is determined to be an
overlapping fragment, the entire datagram (and any constituent
fragments, including those not yet received) MUST be silently
discarded.
Nodes MAY also provide mechanisms to track the reception of such
packets, for instance, by implementing counters or alarms relating to
these events.
------------------------------------------------
But what we do is just silently discarding the overlapping segment, see [2].
When using PF with fragment reassembly, the behavior changes to what RFC
says
and the packet is completely dropped.
There is no security issue with current behavior, because the already
received
part is never overwritten, but following RFC a bit closer would be nice.
Maybe we should fix the stack to drop such packets?
[1] https://tools.ietf.org/html/rfc5722#section-4
[2] https://github.com/freebsd/freebsd/blob/master/sys/netinet6/frag6.c#L443
More information about the freebsd-net
mailing list