On 22.12.14, 17:59, 神明達哉 wrote: > At Sat, 20 Dec 2014 23:40:37 +0100, > Ilya Bakulin <i...@bakulin.de> wrote: > >> But what we do is just silently discarding the overlapping segment, see [2]. >> When using PF with fragment reassembly, the behavior changes to what RFC >> says >> and the packet is completely dropped. >> >> There is no security issue with current behavior, because the already >> received >> part is never overwritten, but following RFC a bit closer would be nice. >> >> Maybe we should fix the stack to drop such packets? > That would be a nice cleanup (the current implementation you cited > seems to be written way before RFC5722, so it's not surprising it > doesn't follow the latest recommendation). >> [1] https://tools.ietf.org/html/rfc5722#section-4 >> [2] https://github.com/freebsd/freebsd/blob/master/sys/netinet6/frag6.c#L443 > -- > JINMEI, Tatuya > Hi Tatuya, thank you for your feedback. I have created a diff [1] that implements the change.
[1] https://reviews.freebsd.org/D1388 -- Regards, Ilya Bakulin _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
