On 01/11/2012 12:16 AM, Alexander Bluhm wrote:
> On Tue, Jan 10, 2012 at 07:51:03PM -0300, Fernando Gont wrote:
>> On 01/10/2012 01:20 PM, Alexander Bluhm wrote:
>>> Implement RFC 5722 and drop all IPv6 fragments that belong to a
>>> packet with overlapping fragments.
>>
>> FWIW, you may be interested in this one, too:
>> http://tools.ietf.org/id/draft-gont-6man-ipv6-atomic-fragments-00.txt
>
> I already was aware of it. It makes sense to me.
>
> Do we want this in our stack although it is not an RFC yet?
> Or perhaps only in pf for extra security?

I should note that an RFC can take at least a year to publish (if ever).

So far, to the extent that the aforementioned I-D has been discussed on the IETF 6man mailing-list, I haven't seen anybody opposing it and, on the other hand, quite a few people have expressed their support.

So I'd argue that you should apply this patch, and be done with it.

P.S.: Clearly, I'm biased, since I'm the author of the I-D, but...

Thanks,
--
Fernando Gont
e-mail: [email protected] || [email protected]
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
