Re: Non-Last Small IPv6 Fragments

Mark Andrews <marka@isc.org> Thu, 10 January 2019 21:58 UTC


> On 11 Jan 2019, at 8:44 am, Erik Kline <ek@loon.co> wrote:
> 
> On Thu, 10 Jan 2019 at 13:39, Simon Hobson <linux@thehobsons.co.uk> wrote:
>> 
>> Tom Herbert <tom@herbertland.com> wrote:
>> 
>>> That might be reasonable, however requiring intermediate fragments to
>>> be at least 1280 MTU in IPv6 also solves that without needing to
>>> define some arbitrary new limit.
>> 
>> In setting a minimum payload size for a fragment, is there a risk of conflicting with some known, or future unknown, link type with a small MTU?
> 
> Technically that link wouldn't meet the 1280 min mtu requirement for
> IPv6, right?
> 
> Even with 1280 byte min fragment sizes, a reassembly engine still
> probably needs to place some limits in practice on the resources it
> will devote to reassembly.  An attacker can send 1280-sized fragments
> for an endless series of 65535-sized datagrams…

Approximate packet counts.

65535/1280
51

65535/1500
43

or even

65535/640
102

but an IPv6 node doesn’t have to support reassembly up to 65535.

If you are worried about too many fragments, count and limit the fragments
not the fragment size.  If you get too many fragments for a packet just
discard them all.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
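
The per-datagram fragment limit suggested in the message above, as an added sketch that is not part of the original post or of any real IPv6 stack. The names, the limit of 64 fragments, the table size and the "poisoned" flag (which keeps later fragments of a condemned datagram from rebuilding the queue) are assumptions; reassembly timeouts are left out.

```c
#include <stdint.h>
#include <string.h>
#define MAX_FRAGS  64  /* assumed limit on fragments held per datagram */
#define TABLE_SIZE 8   /* assumed number of concurrent reassemblies */

enum frag_verdict { FRAG_QUEUED, FRAG_DROPPED };
/* Datagram identity: source, destination, Fragment header Identification. */
struct reasm_key { uint8_t src[16], dst[16]; uint32_t id; };
struct reasm_entry {
    struct reasm_key key;
    unsigned nfrags;        /* fragments currently held for this datagram */
    int in_use, poisoned;   /* poisoned: limit was exceeded, drop the rest */
};
static struct reasm_entry table[TABLE_SIZE];

static struct reasm_entry *lookup(const struct reasm_key *k, int create)
{
    struct reasm_entry *free_slot = NULL;
    for (int i = 0; i < TABLE_SIZE; i++) {
        /* reasm_key has no padding, so memcmp compares exactly its fields */
        if (table[i].in_use && memcmp(&table[i].key, k, sizeof *k) == 0)
            return &table[i];
        if (!table[i].in_use && !free_slot)
            free_slot = &table[i];
    }
    if (!create || !free_slot)
        return NULL;
    memset(free_slot, 0, sizeof *free_slot);
    free_slot->key = *k;
    free_slot->in_use = 1;
    return free_slot;
}

/* Account for one arriving fragment; the size of the fragment is irrelevant. */
enum frag_verdict frag_input(const struct reasm_key *k)
{
    struct reasm_entry *e = lookup(k, 1);
    if (!e || e->poisoned)
        return FRAG_DROPPED;       /* table full, or datagram already condemned */
    if (++e->nfrags > MAX_FRAGS) {
        e->nfrags = 0;             /* too many: discard every queued fragment */
        e->poisoned = 1;           /* entry stays until a (not modelled) timeout */
        return FRAG_DROPPED;
    }
    return FRAG_QUEUED;
}

unsigned frags_held(const struct reasm_key *k)
{
    struct reasm_entry *e = lookup(k, 0);
    return e ? e->nfrags : 0;
}
```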