Hi Christian,

The draft already contains the below:

"   IPv6 nodes transmitting datagrams that need to be fragmented MUST NOT
   create overlapping fragments.  IPv6 nodes that receive a fragment
   that overlaps with a previously received fragment MUST cease the
   reassembly process and MUST discard the previously received fragments
   with the same IPv6 Source Address, IPv6 Destination Address and
   Fragment Identification."

What more are you suggesting?

Thanks,
Vishwas

On Thu, May 28, 2009 at 10:43 AM, Christian Vogt
<christian.v...@ericsson.com> wrote:
> On May 27, 2009, Suresh Krishnan wrote:
>
>> Firewalls may or may not reassemble fragments, and I am not sure what to
>> put in here. If you can suggest some text to put in this paragraph, I
>> will be glad to add it to the document.
>
>
> Suresh -
>
> My suggestion is not about fragment reassembly in firewalls, but rather
> about adding guidance to the document of when it is safe for a firewall
> to drop overlapping fragments.
>
> Given the apparent absence of overlapping fragments in legitimate
> traffic, it would be safe, hence recommended, for firewalls to drop
> overlapping fragments.
>
> Hope this helps.
>
> - Christian
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
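
The receive-side rule in the quoted draft text, sketched as an added example that is not part of this thread or of the draft. The names `Fragment` and `ReassemblyTable` are hypothetical, the fragments are constructed, and an exact duplicate is treated as an overlap (a strict reading of the quoted text, taken here as an assumption).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Fragment:
    src: str        # IPv6 Source Address
    dst: str        # IPv6 Destination Address
    frag_id: int    # Fragment Identification
    offset: int     # byte offset within the fragmentable part
    length: int     # payload bytes carried by this fragment
    more: bool      # M flag: True if more fragments follow

class ReassemblyTable:
    def __init__(self):
        # (src, dst, frag_id) -> fragments held for that datagram
        self.queues = {}

    def add_fragment(self, f):
        """Return 'queued', 'complete' or 'discarded'."""
        key = (f.src, f.dst, f.frag_id)
        held = self.queues.setdefault(key, [])
        new_end = f.offset + f.length
        for h in held:
            # Half-open ranges [offset, end) intersect: overlap detected.
            if f.offset < h.offset + h.length and h.offset < new_end:
                # Cease reassembly and drop everything held for this key.
                del self.queues[key]
                return "discarded"
        held.append(f)
        if self._complete(held):
            del self.queues[key]
            return "complete"
        return "queued"

    @staticmethod
    def _complete(held):
        frags = sorted(held, key=lambda h: h.offset)
        if frags[0].offset != 0 or frags[-1].more:
            return False
        # Overlaps were rejected above, so only gaps remain to be checked.
        return all(a.offset + a.length == b.offset
                   for a, b in zip(frags, frags[1:]))

def demo():
    t = ReassemblyTable()
    a, b = "2001:db8::1", "2001:db8::2"   # constructed documentation addresses
    results = [
        t.add_fragment(Fragment(a, b, 7, 0, 1024, True)),
        t.add_fragment(Fragment(a, b, 7, 1024, 512, False)),  # contiguous
        t.add_fragment(Fragment(a, b, 8, 0, 1024, True)),
        t.add_fragment(Fragment(a, b, 8, 1016, 512, False)),  # overlaps by 8 bytes
    ]
    return results, len(t.queues)
```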