[ipv6hackers] RA guard evasion

Gert Doering gert at space.net
Tue May 14 18:15:06 CEST 2013


On Tue, May 14, 2013 at 06:07:56PM +0200, Andrew Yourtchenko wrote:
> > MSS helps TCP, but not UDP.  And there is large UDP packets, think EDNS0.
> >
> > (Whether this will ever work reliably in the face of interesting challenges
> > handling fragmented IPv6 packets is a different question, but "just drop
> > all fragments" is the wrong answer)
> Would qualifying it "drop all fragments with link-local source" make look a
> bit better ?

Yes, there should never been link-local packets with fragments.  No objections
against that (of course the OS needs to verify that RAs etc. are really only
sent from link-local addresses, but I sincerely hope they are getting this

Gert Doering
        -- NetMaster
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

More information about the Ipv6hackers mailing list