> Quite. Also, https://tools.ietf.org/html/rfc7915#section-1.2 says in no uncertain terms: «Fragmented ICMP/ICMPv6 packets will not be translated by IP/ICMP translators.»
Hmm. What curious phrasing. Then, now that you mention it, NAT64 Jool appears to be breaking this requirement. Although I'm lost as to why would NAT64 Jool not want to translate these packets. The pseudoheader can be added and removed in O(1) time. As far as security is concerned, I don't see ICMP fragments being any more of a risk than TCP/UDP fragments. Maybe it was intended to refer to SIIT only? Alberto On Wed, Feb 15, 2017 at 1:26 PM, Tore Anderson <[email protected]> wrote: > * Alberto Leiva > >> We choose to live with this because fragmented pings are not very >> important Internet traffic. > > Quite. Also, https://tools.ietf.org/html/rfc7915#section-1.2 says in no > uncertain terms: «Fragmented ICMP/ICMPv6 packets will not be translated > by IP/ICMP translators.» > > Tore _______________________________________________ Jool-list mailing list [email protected] https://mail-lists.nic.mx/listas/listinfo/jool-list
