IPv6 Fragment Overlap not Forbidden
"Elwyn Davies" <elwynd@nortelnetworks.com> Thu, 23 September 2004 14:26 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA16881 for <ipv6-web-archive@ietf.org>; Thu, 23 Sep 2004 10:26:43 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CAUfK-0000Ot-Mo for ipv6-web-archive@ietf.org; Thu, 23 Sep 2004 10:33:47 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CAUVJ-0004D2-Kw; Thu, 23 Sep 2004 10:23:25 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CAUSt-0003yV-AF for ipv6@megatron.ietf.org; Thu, 23 Sep 2004 10:20:55 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA16529 for <ipv6@ietf.org>; Thu, 23 Sep 2004 10:20:52 -0400 (EDT)
Received: from zctfs063.nortelnetworks.com ([47.164.128.120]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CAUZb-0000J8-5D for ipv6@ietf.org; Thu, 23 Sep 2004 10:27:57 -0400
Received: from zctfc040.europe.nortel.com (zctfc040.europe.nortel.com [47.164.129.95]) by zctfs063.nortelnetworks.com (Switch-2.2.6/Switch-2.2.0) with ESMTP id i8NEKG916467 for <ipv6@ietf.org>; Thu, 23 Sep 2004 16:20:16 +0200 (MEST)
Received: by zctfc040.europe.nortel.com with Internet Mail Service (5.5.2653.19) id <TJ1G5N7P>; Thu, 23 Sep 2004 16:20:15 +0200
Message-ID: <8F20221FB47FD51190AD00508BCF36BA0D45800D@znsgy0k3.europe.nortel.com>
From: Elwyn Davies <elwynd@nortelnetworks.com>
To: "'ipv6@ietf.org'" <ipv6@ietf.org>
Date: Thu, 23 Sep 2004 16:20:14 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 21c69d3cfc2dd19218717dbe1d974352
Subject: IPv6 Fragment Overlap not Forbidden
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "IP Version 6 Working Group \(ipv6\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
Sender: ipv6-bounces@ietf.org
Errors-To: ipv6-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0ddefe323dd869ab027dbfff7eff0465
While writing the recent draft on NAT-PT deprecation, I had occasion to review RFC1838 and RFC3128 which relate to security threats with fragmented IPv4 packets. One of the problems was that the IPv4 specification allowed for fragments to overlap. It appears that the general assumption is that IPv6 stacks would not allow fragments to overlap but looking at RFC2460 the reconstruction algorithm specification does not forbid overlaps. If RFC2460 gets revved this point should be included. Regards, Elwyn ---------------------------------------------------------------------------- ------ Elwyn B Davies Routing and Addressing Strategy Prime & IPv6 Core Team Leader CTO Office, Portfolio Integration Solutions Ready Nortel Networks plc Email: elwynd@nortelnetworks.com Harlow Laboratories ESN 6-742-5498 London Road, Harlow, Direct Line +44-1279-405498 Essex, CM17 9NA, UK Fax +44-1279-402047 Registered Office: Maidenhead Office Park, Westacott Way, Company No. 3937799 Maidenhead, Berkshire, SSL6 3QH ---------------------------------------------------------------------------- This message may contain information proprietary to Nortel Networks plc so any unauthorised disclosure, copying or distribution of its contents is strictly prohibited. ---------------------------------------------------------------------------- "The Folly is mostly mine" and the opinions are mine and not those of my employer. a ============================================================================ ====== -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
- IPv6 Fragment Overlap not Forbidden Elwyn Davies