database logo graphic

RFC 6946

"Processing of IPv6 "Atomic" Fragments", May 2013

Canonical URL:
This document is also available in this non-normative format: PDF.
RFC 2460, RFC 5722
F. Gont
6man (int)

Cite this RFC: TXT  |  XML


Other actions: Find Errata (if any)  |  Submit Errata  |  Find IPR Disclosures from the IETF


The IPv6 specification allows packets to contain a Fragment Header without the packet being actually fragmented into multiple pieces (we refer to these packets as "atomic fragments"). Such packets are typically sent by hosts that have received an ICMPv6 "Packet Too Big" error message that advertises a Next-Hop MTU smaller than 1280 bytes, and are currently processed by some implementations as normal "fragmented traffic" (i.e., they are "reassembled" with any other queued fragments that supposedly correspond to the same original packet). Thus, an attacker can cause hosts to employ atomic fragments by forging ICMPv6 "Packet Too Big" error messages, and then launch any fragmentation-based attacks against such traffic. This document discusses the generation of the aforementioned atomic fragments and the corresponding security implications. Additionally, this document formally updates RFC 2460 and RFC 5722, such that IPv6 atomic fragments are processed independently of any other fragments, thus completely eliminating the aforementioned attack vector.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.

Go to the RFC Editor Homepage.