On 2/7/14 12:12 PM, "Simon Perreault" <[email protected]> wrote:
>On 2014-02-07 11:01, [email protected] wrote:
>>> This part is still not OK:
>>>
>>>> 5.2.1.  Changes to RFC2473 and RFC6333 Fragmentation Behaviour
>>>>
>>>>    On receiving an encapsulated packet containing an IPv4 fragment, the
>>>>    lwB4 SHOULD wait until all other fragments have been received and
>>>>    de-capsulated.  The original packet is then re-assembled before
>>>>    performing NAPT.  This is necessary because layer-4 protocol
>>>>    information is only present in the first fragment.
>>>
>>> I'll repeat what I wrote on 2014-01-16:
>>>
>>> It's possible to do it correctly without waiting for all fragments
>>> (e.g., what Cisco calls "virtual reassembly"). My suggestion would be to
>>> steal the very carefully written text from RFC 6146, page 19.
>>
>> [ian] My apologies - I wasn't familiar with the Cisco feature that you
>> mentioned, so researched it and all of the information that I've found is
>> the Cisco VFR (virtual fragment reassembly).
>
>It's just an example. Maybe not well chosen, since I can't find
>documentation explaining exactly the behaviour I think it implements.
>
>Anyway, the point is that waiting until all fragments have been received
>is not necessary. For example, it's 100% correct to only wait until
>fragments sufficient for knowing the L4 info have been received. That
>will often be just the first fragment. So you buffer fragments until the
>first one has been received (just in case there is packet reordering,
>often the first fragment you receive will be the packet's first
>fragment), you extract the L4 info, you keep that info in memory, and
>you forward/NAT the fragment. For the following fragments, you just look
>up the stored L4 info from memory. There is no actual reassembly.

I agree, there is no need to wait for all the fragments if all you need is
the L4 info. Just save the context and L4 info for the first fragment.
If you get out-of-order fragments and the first fragment is not received,
the non-first fragments would have to be buffered until the first fragment
arrives.

Thanks
Senthil

>
>> I thought that I'd captured
>> this with the RFC4459 reference, but it looks like it's also covering the
>> tiny fragment attacks described in RFC1858.
>>
>> What about:
>>
>> 5.2.1.  Changes to RFC2473 and RFC6333 Fragmentation Behaviour
>>
>>
>>    On receiving an encapsulated packet containing an IPv4 fragment, the
>>    lwB4 SHOULD wait until all other fragments have been received and
>>    de-capsulated.
>
>No, the point is that it's not necessary to wait until all other
>fragments have been received.
>
>I'll say it again: my suggestion would be to steal the very carefully
>written text from RFC 6146, page 19. (We spent *many* emails coming up
>with that text, and I don't want to do this again!)
>
>Simon
>--
>DTN made easy, lean, and smart --> http://postellation.viagenie.ca
>NAT64/DNS64 open-source --> http://ecdysis.viagenie.ca
>STUN/TURN server --> http://numb.viagenie.ca
>_______________________________________________
>Softwires mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/softwires
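The fragment handling discussed in this thread (store the L4 info from the first fragment, buffer non-first fragments only until it arrives, no reassembly), sketched as an added example that is not part of the original messages or of any draft text. All names are hypothetical, and the `MAX_PENDING` buffer cap and the 4-byte minimum for the first fragment are assumptions added to keep buffering bounded.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_PENDING = 8  # assumed per-datagram buffer cap (not from the thread)

@dataclass(frozen=True)
class Fragment:
    src: str
    dst: str
    proto: int
    ip_id: int
    offset: int      # fragment offset, 8-byte units; 0 = first fragment
    payload: bytes   # first fragment starts with the TCP/UDP header

@dataclass
class Context:
    ports: Optional[tuple] = None
    pending: list = field(default_factory=list)

class FragmentTracker:
    """Hypothetical names; context expiry timers are omitted for brevity."""
    def __init__(self):
        self.flows = {}

    def receive(self, frag):
        """Return [(fragment, (sport, dport))] that can be NAPTed now."""
        key = (frag.src, frag.dst, frag.proto, frag.ip_id)
        ctx = self.flows.setdefault(key, Context())
        if frag.offset == 0:
            if len(frag.payload) < 4:        # ports missing from first fragment
                del self.flows[key]
                return []
            ctx.ports = (int.from_bytes(frag.payload[:2], "big"),
                         int.from_bytes(frag.payload[2:4], "big"))
            ready, ctx.pending = [frag] + ctx.pending, []
            return [(f, ctx.ports) for f in ready]
        if ctx.ports is not None:            # L4 info already stored: no wait
            return [(frag, ctx.ports)]
        if len(ctx.pending) >= MAX_PENDING:  # bound memory used by buffering
            del self.flows[key]
            return []
        ctx.pending.append(frag)             # hold until the first fragment
        return []

def demo():
    # Constructed sample: UDP datagram (ports 1234 -> 53) arriving reordered.
    t = FragmentTracker()
    mk = lambda off, data: Fragment("192.0.2.1", "198.51.100.7", 17, 42, off, data)
    first = mk(0, (1234).to_bytes(2, "big") + (53).to_bytes(2, "big") + b"\0" * 4)
    return [len(t.receive(mk(185, b"x" * 8))),   # buffered, nothing released
            len(t.receive(first)),               # first + buffered fragment
            t.receive(mk(370, b"y" * 8))[0][1]]  # later fragment: stored ports
```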
