On 01/13/2012 05:05 PM, RFC Errata System wrote:
> Notes
> -----
> Discarding fragments "including those not yet received" is not
> implementable. You'd have to keep state about the (source,
> destination, protocol, id) 4-tuple for MSL (120 seconds). If you do
> this you create two bugs:
> - A new attack vector: an attacker could eat your resources.
> - And if you just limit the number of such state entries then you
>   fail to implement RFC 5722 correctly.
[...]
> 
> The proposal is simply to remove the "including those not yet
> received" bit. Normal host stacks do not keep state once a fragment
> has been reassembled. You reassemble the full packet and clear the
> fragment table. So this corrected text would align the RFC with
> actual practice.
> 
> This errata report results from an implementation attempt by
> OpenBSD.

FWIW, this follows the general principle that "you don't add more state
for malicious traffic".

That aside, at least not spending too much time on it, I couldn't come up
with a scenario in which "not dropping future fragments" would enable
the attack discussed in the aforementioned RFC.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492



--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
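As an added illustration, not code from the thread or from OpenBSD, of the behaviour the errata describes: a minimal model of a host fragment table that applies the RFC 5722 overlap rule and clears the entry, so no state about fragments "not yet received" ever exists. Addresses, identifiers and sizes are constructed; the per-entry reassembly timer a real stack keeps is omitted.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Frag:
    """Constructed model of one IPv6 fragment (offsets in bytes, not 8-octet units)."""
    src: str
    dst: str
    ident: int   # Identification field
    offset: int  # fragment offset, bytes
    length: int  # payload bytes carried by this fragment
    more: bool   # M flag: more fragments follow


@dataclass
class Reassembler:
    """Fragment table keyed by (src, dst, id). An entry exists only while a
    datagram is being reassembled; it is cleared on completion or on an
    RFC 5722 drop, so no 'fragments not yet received' state is kept."""
    table: dict = field(default_factory=dict)
    dropped: int = 0

    def receive(self, f: Frag):
        """Return the reassembled payload length when a datagram completes, else None."""
        key = (f.src, f.dst, f.ident)
        frags = self.table.setdefault(key, [])
        for g in frags:
            if f.offset < g.offset + g.length and g.offset < f.offset + f.length:
                # RFC 5722: any overlap -> silently discard the whole datagram and clear
                # the entry; a later fragment with the same id just starts a new reassembly.
                del self.table[key]
                self.dropped += 1
                return None
        frags.append(f)
        last = [g for g in frags if not g.more]
        if not last:
            return None
        total = last[0].offset + last[0].length
        # With no overlaps, the lengths sum to total exactly when coverage is contiguous.
        if sum(g.length for g in frags) == total:
            del self.table[key]
            return total


def demo():
    r, a, b = Reassembler(), "2001:db8::1", "2001:db8::2"  # constructed addresses
    r.receive(Frag(a, b, 1, 0, 1000, True))
    ok = r.receive(Frag(a, b, 1, 1000, 500, False))          # benign -> 1500
    r.receive(Frag(a, b, 2, 0, 1000, True))
    bad = r.receive(Frag(a, b, 2, 992, 508, False))          # overlap -> None, entry cleared
    r.receive(Frag(a, b, 2, 0, 1000, True))
    again = r.receive(Frag(a, b, 2, 1000, 500, False))       # same id accepted afresh -> 1500
    return ok, bad, again, r.dropped, len(r.table)
```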