[ipv6hackers] RA guard evasion
Gert Doering
gert at space.net
Tue May 14 18:15:06 CEST 2013
Hi,
On Tue, May 14, 2013 at 06:07:56PM +0200, Andrew Yourtchenko wrote:
> > MSS helps TCP, but not UDP. And there is large UDP packets, think EDNS0.
> >
> > (Whether this will ever work reliably in the face of interesting challenges
> > handling fragmented IPv6 packets is a different question, but "just drop
> > all fragments" is the wrong answer)
>
> Would qualifying it "drop all fragments with link-local source" make look a
> bit better ?
Yes, there should never been link-local packets with fragments. No objections
against that (of course the OS needs to verify that RAs etc. are really only
sent from link-local addresses, but I sincerely hope they are getting this
right).
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
More information about the Ipv6hackers
mailing list