On 01/11/2012 12:16 AM, Alexander Bluhm wrote:
On Tue, Jan 10, 2012 at 07:51:03PM -0300, Fernando Gont wrote:
On 01/10/2012 01:20 PM, Alexander Bluhm wrote:
Implement RFC 5722 and drop all IPv6 fragments that belong to a
packet with overlapping fragments.
FWIW, you may be interested in this
On 01/12/2012 03:39 AM, Fernando Gont wrote:
Do we want this in our stack although it is not an RFC yet?
Or perhaps only in pf for extra security?
I should note that an RFC can take at least a year to publish (if ever).
We should not wait for an RFC. We should wait for a consensus to emerge.
Hi,
Implement RFC 5722 and drop all IPv6 fragments that belong to a
packet with overlapping fragments.
ok?
bluhm
Index: netinet6/frag6.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/frag6.c,v
retrieving revision 1.39
On 01/10/2012 01:20 PM, Alexander Bluhm wrote:
Implement RFC 5722 and drop all IPv6 fragments that belong to a
packet with overlapping fragments.
FWIW, you may be interested in this one, too:
http://tools.ietf.org/id/draft-gont-6man-ipv6-atomic-fragments-00.txt
Thanks,
--
Fernando Gont
On Tue, Jan 10, 2012 at 07:51:03PM -0300, Fernando Gont wrote:
On 01/10/2012 01:20 PM, Alexander Bluhm wrote:
Implement RFC 5722 and drop all IPv6 fragments that belong to a
packet with overlapping fragments.
FWIW, you may be interested in this one, too: