RFC 6946

Processing of IPv6 "Atomic" Fragments, May 2013

Canonical URL:
File formats:
Plain TextPDF
RFC 2460, RFC 5722
F. Gont
6man (int)

Cite this RFC: TXT  |  XML

DOI:  http://dx.doi.org/10.17487/RFC6946

Other actions: Find Errata (if any)  |  Submit Errata  |  Find IPR Disclosures from the IETF


The IPv6 specification allows packets to contain a Fragment Header without the packet being actually fragmented into multiple pieces (we refer to these packets as "atomic fragments"). Such packets are typically sent by hosts that have received an ICMPv6 "Packet Too Big" error message that advertises a Next-Hop MTU smaller than 1280 bytes, and are currently processed by some implementations as normal "fragmented traffic" (i.e., they are "reassembled" with any other queued fragments that supposedly correspond to the same original packet). Thus, an attacker can cause hosts to employ atomic fragments by forging ICMPv6 "Packet Too Big" error messages, and then launch any fragmentation-based attacks against such traffic. This document discusses the generation of the aforementioned atomic fragments and the corresponding security implications. Additionally, this document formally updates RFC 2460 and RFC 5722, such that IPv6 atomic fragments are processed independently of any other fragments, thus completely eliminating the aforementioned attack vector.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.

Download PDF Reader

Search RFCs
Advanced Search