In some email I received from itojun@iijlab.net, sie wrote:
> 
> >In some email I received from Jun-ichiro itojun Hagino, sie wrote:
> >> 	ip6->ip6_plen can be 0 if the packet is IPv6 jumbogram, you will
> >> 	want to do something about it.
> >Do you mean >64k jumbograms ?  I'd like to see one get sent first.
> >On Solaris, with fiber channel and an MTU of 65420, I end up with
> >~9k packets because of internal buffering problems.
> 
> 	regardless of you see the packet or not you need to check about it,
> 	and do something (simply reject it or whatever).

throwing them away sounds good.

> >> ip_fil.c:send_reset()
> >> 	packet size may possibly overrun mbuf, on certain operating systems
> >> 	(like MSIZE == 128 and sizeof(void *) == 8).
> >huh ?
> >In send_reset(), it is ONLY IPv6 + TCP.
> >You're telling me that'll overflow 128 bytes ?!
> >Likewise, I don't see anything that does anything with "sizeof(void *)"/
> 
> 	MHLEN = MSIZE - sizeof(a couple of pointers and integers).
> 	TCP header (including option part) can take up to 64 bytes.
> 	IPv6 header occupies 40 bytes.
> 	if 40 + 64 > MHLEN, you are dead.

TCP RST's are generated without TCP options and have 20 byte headers.

Darren