RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 5722, "Handling of Overlapping IPv6 Fragments", December 2009

Note: This RFC has been updated by RFC 6946

Source of RFC: 6man (int)
See Also: RFC 5722 w/ inline errata

Errata ID: 3089
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Simon Perreault
Date Reported: 2012-01-13
Verifier Name: Brian Haberman
Date Verified: 2012-06-01

Section 4 says:

   IPv6 nodes transmitting datagrams that need to be fragmented MUST NOT
   create overlapping fragments.  When reassembling an IPv6 datagram, if
   one or more its constituent fragments is determined to be an
   overlapping fragment, the entire datagram (and any constituent
   fragments, including those not yet received) MUST be silently
   discarded.

It should say:

   IPv6 nodes transmitting datagrams that need to be fragmented MUST NOT
   create overlapping fragments.  When reassembling an IPv6 datagram, if
   one or more its constituent fragments is determined to be an
   overlapping fragment, the entire datagram (and any constituent
   fragments) MUST be silently discarded.

Notes:

Discarding fragments "including those not yet received" is not implementable. You'd have to keep state about the (source, destination, protocol, id) 4-tuple for MSL (120 seconds). If you do this you create two bugs:
- A new attack vector: an attacker could eat your resources. And if you just limit the number of such state entries then you fail to implement RFC 5722 correctly.
- It breaks at fairly low speeds. See draft-ietf-intarea-ipv4-id-update.

The proposal is simply to remove the "including those not yet received" bit. Normal host stacks do not keep state once a fragment has been reassembled. You reassemble the full packet and clear the fragment table. So this corrected text would align the RFC with actual practice.

This errata report results from an implementation attempt by OpenBSD.

Report New Errata



Advanced Search