RE: Tiny fragments and IPv6

["Vishwas Manral" <Vishwas@sinett.com>]

Title: RE: Tiny fragments and IPv6

Hi Margaret,

 

One small difference is that we can have a lot of extension headers in IPv6 while we do not have the same in IPv4. In IPv4 the TCP header if present will be just after the IPv4 header, which may not be the case in IPv6 (because of the extension headers). Besides STD 5, RFC 791 states:-

      Every internet module must be able to forward a datagram of 68
      octets without further fragmentation.  This is because an internet
      header may be up to 60 octets, and the minimum fragment is 8
      octets.

 

There is no minimum non-last fragment size specified in IPv6. RFC1858 already states issues with IPv4 with tiny fragments.

 

Thanks,

Vishwas

---

From: Margaret Wasserman [mailto:margaret@thingmagic.com]
Sent: Tue 11/29/2005 10:13 AM
To: 'Fred Baker'; v6ops@ops.ietf.org
Cc: Vishwas Manral
Subject: RE: Tiny fragments and IPv6

Why is this an IPv6-specific problem?  Is there a reason why the same type
of attack does not work in IPv4?

Margaret

> -----Original Message-----
> From: owner-v6ops@ops.ietf.org
> [mailto:owner-v6ops@ops.ietf.org] On Behalf Of Fred Baker
> Sent: Tuesday, November 29, 2005 8:23 AM
> To: v6ops@ops.ietf.org
> Cc: Vishwas Manral
> Subject: Fwd: Tiny fragments and IPv6
>
> This has been moved to v6ops, as it is more operational in
> nature than a protocol discussion.
>
> Begin forwarded message:
>
> > From: "Vishwas Manral" <Vishwas@sinett.com>
> > Date: November 28, 2005 8:49:11 AM EST
> > To: "IPv6" <ipv6@ietf.org>
> > Subject: Tiny fragments and IPv6
> >
> > Hi folks,
> >
> > To summarize the discussion we have had on and off the list, I have
> > put in a short draft.
> >
> > Do let me know if you have any comments or suggestions for the same?
> >
> > Thanks,
> > Vishwas
> >