On 01/05/2012 08:25 AM, Bjoern A. Zeeb wrote:
> 
> What he means is remove the fragment header in this case without any other
> fragment code processing and continue handling the packet as if you'd have
> received it without the ext hdr.
> 
> That this is still an expensive operation for a silly packet does not seem to
> trickle down so avoiding these cases whenever possible should be the rule.

Huh? What's your threat model?

If you're concerned about being subject of... what? CPU-consumption
attacks? -- guess what: an attacker would send you non-atomic fragments,
just that you not only have to remove fragment headers, but also need to
glue all the fragments together.

Do you really think of atomic fragments as an attack vector? --
Attackers are much more clever than that...

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492



--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
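The shortcut discussed in this thread, as an added example that is not part of the original message or of any stack's code: detect an atomic fragment and splice the Fragment header out without touching a reassembly queue. It assumes "atomic" means fragment offset 0 with the M flag clear, and handles only a Fragment header directly after the fixed IPv6 header. All function, constant and sample-packet names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IP6_HDR_LEN  40
#define FRAG_HDR_LEN 8
#define NH_FRAGMENT  44 /* IPv6 Next Header value for the Fragment header */
/* Return codes: hypothetical names for this example only. */
enum { PKT_MALFORMED = -1, PKT_UNCHANGED, PKT_ATOMIC_STRIPPED, PKT_NEEDS_REASSEMBLY };

/* pkt: whole IPv6 packet; *len: its length, reduced by 8 when the header is stripped. */
int strip_atomic_fragment(uint8_t *pkt, size_t *len) {
    if (*len < IP6_HDR_LEN || (pkt[0] >> 4) != 6)
        return PKT_MALFORMED;
    if (pkt[6] != NH_FRAGMENT)
        return PKT_UNCHANGED;              /* no fragment header first in chain */
    size_t plen = ((size_t)pkt[4] << 8) | pkt[5];
    if (plen < FRAG_HDR_LEN || IP6_HDR_LEN + plen > *len)
        return PKT_MALFORMED;              /* header would run past the buffer */
    const uint8_t *fh = pkt + IP6_HDR_LEN;
    unsigned off_flags = ((unsigned)fh[2] << 8) | fh[3];
    /* Upper 13 bits: fragment offset. Lowest bit: M (more fragments). */
    if ((off_flags & 0xFFF8u) != 0 || (off_flags & 0x0001u) != 0)
        return PKT_NEEDS_REASSEMBLY;       /* real fragment: reassembly path */
    pkt[6] = fh[0];                        /* inherit the fragment header's next header */
    plen -= FRAG_HDR_LEN;
    pkt[4] = (uint8_t)(plen >> 8);
    pkt[5] = (uint8_t)(plen & 0xFF);
    memmove(pkt + IP6_HDR_LEN, pkt + IP6_HDR_LEN + FRAG_HDR_LEN,
            *len - IP6_HDR_LEN - FRAG_HDR_LEN);
    *len -= FRAG_HDR_LEN;
    return PKT_ATOMIC_STRIPPED;
}

/* Constructed 52-byte sample: fixed header, fragment header, 4 placeholder payload bytes. */
size_t build_sample(uint8_t *buf, unsigned off_flags) {
    memset(buf, 0, 52);
    buf[0] = 0x60; buf[5] = 12; buf[6] = NH_FRAGMENT; buf[7] = 64;
    buf[40] = 17; buf[42] = (uint8_t)(off_flags >> 8); buf[43] = (uint8_t)(off_flags & 0xFF);
    memcpy(buf + 48, "data", 4);
    return 52;
}

int main(void) {
    uint8_t p[52];
    size_t n = build_sample(p, 0);         /* offset 0, M = 0: atomic */
    int rc = strip_atomic_fragment(p, &n);
    printf("rc=%d len=%zu next_header=%u\n", rc, n, (unsigned)p[6]);
    return 0;
}
```

The non-atomic return path is where the cost compared in the thread diverges: those packets still go through full reassembly, while the atomic case costs one bounds check and one `memmove`.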
