On Tue, Jan 10, 2012 at 07:51:03PM -0300, Fernando Gont wrote:
> On 01/10/2012 01:20 PM, Alexander Bluhm wrote:
> > Implement RFC 5722 and drop all IPv6 fragments that belong to a
> > packet with overlapping fragments.
>
> FWIW, you may be interested in this one, too:
> http://tools.ietf.org/id/draft-gont-6man-ipv6-atomic-fragments-00.txt

I already was aware of it. It makes sense to me. Do we want this in our stack although it is not an RFC yet? Or perhaps only in pf for extra security? bluhm Index: netinet6/frag6.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/frag6.c,v retrieving revision 1.40 diff -u -p -r1.40 frag6.c --- netinet6/frag6.c 10 Jan 2012 17:09:02 -0000 1.40 +++ netinet6/frag6.c 11 Jan 2012 02:43:55 -0000 @@ -235,6 +235,20 @@ frag6_input(struct mbuf **mp, int *offp, /* offset now points to data portion */ offset += sizeof(struct ip6_frag); + /* + * draft-gont-6man-ipv6-atomic-fragments-00: A host that receives an + * IPv6 packet which includes a Fragment Header with the "Fragment + * Offset" equal to 0 and the "M" bit equal to 0 MUST process such + * packet in isolation from any other packets/fragments. + */ + fragoff = ntohs(ip6f->ip6f_offlg & IP6F_OFF_MASK); + if (fragoff == 0 && !(ip6f->ip6f_offlg & IP6F_MORE_FRAG)) { + ip6stat.ip6s_reassembled++; + in6_ifstat_inc(dstifp, ifs6_reass_ok); + *offp = offset; + return ip6f->ip6f_nxt; + } + IP6Q_LOCK(); /* @@ -299,7 +313,6 @@ frag6_input(struct mbuf **mp, int *offp, * If it's the 1st fragment, record the length of the * unfragmentable part and the next header of the fragment header. */ - fragoff = ntohs(ip6f->ip6f_offlg & IP6F_OFF_MASK); if (fragoff == 0) { q6->ip6q_unfrglen = offset - sizeof(struct ip6_hdr) - sizeof(struct ip6_frag);
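
Review bot: In the first hunk, the early return for "Fragment Offset" 0 with M clear increments ip6s_reassembled and ifs6_reass_ok although nothing was queued or reassembled, and it hands the packet on with only *offp advanced past the Fragment Header. The comment should say that the header is deliberately left in the mbuf and that atomic fragments are counted as successful reassemblies, or the path should get its own counter so these packets can be told apart from real reassembly in the statistics. Returning before IP6Q_LOCK() is taken matches the "in isolation" wording quoted in the comment.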
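
Review bot: In the second hunk, with the assignment removed the (fragoff == 0) test depends on the value computed before IP6Q_LOCK() in the first hunk, and because of that hunk's early return it is now reached only by offset-0 fragments that have the M bit set. The "If it's the 1st fragment" comment could mention both points, so a reader of this block does not have to search upward for where fragoff is set or wonder whether unfragmented-but-headered packets still pass through here.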