Subject: Re: latest ipfilter, IPv6 handling
To: Darren Reed <>
From: None <>
List: tech-net
Date: 03/29/2001 02:30:35
>In some email I received from Jun-ichiro itojun Hagino, sie wrote:
>> 	ip6->ip6_plen can be 0 if the packet is IPv6 jumbogram, you will
>> 	want to do something about it.
>Do you mean >64k jumbograms ?  I'd like to see one get sent first.
>On Solaris, with fiber channel and an MTU of 65420, I end up with
>~9k packets because of internal buffering problems.

	regardless of you see the packet or not you need to check about it,
	and do something (simply reject it or whatever).

>> fil.c:fr_ifpaddr()
>> 	on KAME platforms, may need to take care of embedded scope identifiers.
>> 	in sin6.sin6_addr.s6_addr16[1].
>What are you saying here ?  They're not already included ?
>Please explain.

	i guess i need to look at it with more care.  hold on.

>> ip_fil.c:send_ip()
>> 	why ip6_hlim is set to 127?
>Got to set it to something!  Is there an equivalent to tcp_ttl for
>IPv6 ?

	setting it to IPDEFTTL is the most appropriate at this moment.
	there will be some IANA standard table clarification.

>> ip_fil.c:send_reset()
>> 	packet size may possibly overrun mbuf, on certain operating systems
>> 	(like MSIZE == 128 and sizeof(void *) == 8).
>huh ?
>In send_reset(), it is ONLY IPv6 + TCP.
>You're telling me that'll overflow 128 bytes ?!
>Likewise, I don't see anything that does anything with "sizeof(void *)"/

	MHLEN = MSIZE - sizeof(a couple of pointers and integers).
	TCP header (including option part) can take up to 64 bytes.
	IPv6 header occupies 40 bytes.
	if 40 + 64 > MHLEN, you are dead.