From: Fernando Gont <fernando@gont.com.ar>
To: Ben Hutchings <ben@decadent.org.uk>
Cc: netdev <netdev@vger.kernel.org>
Subject: Re: Fwd: RFC 7112 on Implications of Oversized IPv6 Header Chains
Date: Thu, 30 Jan 2014 12:00:07 -0300 [thread overview]
Message-ID: <52EA68F7.8040604@gont.com.ar> (raw)
In-Reply-To: <1391090198.4405.57.camel@deadeye.wl.decadent.org.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/30/2014 10:56 AM, Ben Hutchings wrote:
> On Wed, 2014-01-29 at 16:25 -0300, Fernando Gont wrote:
>> Folks,
>>
>> FYI. This one has important implications -- it allows stateless
>> filtering in IPv6 (otherwise not really possible)
> [...]
>
> Still not possible unless you can trust that all hosts behind the
> firewall will correctly drop overlapping fragments.
All recent versions of popular OSes already do that.
Yes, there will be older ones around for a while -- but so many things
have and are being improved in the IPv6 area that, if you ran an old
OS, processing overlapping fragments should probably be the last thing
you should worry about.
Thanks,
- --
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBAgAGBQJS6mjuAAoJEJbuqe/Qdv/x3e0H/iwSar/7m9XJr6/6QOt6Nst5
gbvAOzd2PgtjwGuRYHT0rSwZi2+/Ju7CRoiBjsTpMuAVtpYYt9+1+RX20W1Q0VpA
QVKlQUKoOeL00jNLjWGVCG8rJtDhE5Q+oi5hynjrWtphEQ3mNeHCn+bfW/Jbu0R6
oFv6uOkMiRNvdcVGkXxf6cNeZ9uE4w2pTOIXHbZekl6ejfUjkn5z8u5VlckDS7QR
ct3NPSKSOMv0C/3q+ncuZeUp2ids5BiyxBUzhJvxH2YG8/CYL5gjjOi/YbTDdz+3
TKM/ZB13U1ZqoTpWgYjr8o4UPR14Ek/GTCwrHYY6O9X5Y8FgXoQZePrItqexR0Y=
=CQDC
-----END PGP SIGNATURE-----
prev parent reply other threads:[~2014-01-30 16:23 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20140129173044.D475C7FC17B@rfc-editor.org>
2014-01-29 19:25 ` Fwd: RFC 7112 on Implications of Oversized IPv6 Header Chains Fernando Gont
2014-01-30 13:56 ` Ben Hutchings
2014-01-30 15:00 ` Fernando Gont [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52EA68F7.8040604@gont.com.ar \
--to=fernando@gont.com.ar \
--cc=ben@decadent.org.uk \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).