Revision as of 14:34, 29 October 2021 edit Dandorid (talk \| contribs) Extended confirmed users 3,524 edits →‎Authentication Header (AH) and Encapsulating Security Payload (ESP): Fixed reference to RFC4303. {{Ref RFC}} ← Previous edit		Revision as of 15:29, 1 November 2021 edit undo Dandorid (talk \| contribs) Extended confirmed users 3,524 edits →‎Fragmentation: Ref RFC 7112 7113 6980 Next edit →
Line 436: Each fragment's length is a multiple of 8 octets, except the last fragment. The per-fragment headers were historically called the "unfragmentable part", referring to pre-2014 possibility of fragmenting the rest of headers. Now no headers are actually fragmentable.~~<ref name=rfc7112>~~{{~~Cite~~Ref ~~IETF~~RFC\|~~rfc=~~7112 ~~\|title=Implications of Oversized IPv6 Header Chains \|author=F. Gont\|author2=V. Manral\|author3=R. Bonica\|date=January 2014~~}}~~</ref>~~ ===Reassembly=== Line 448: ===Security=== Research has shown that the use of fragmentation can be leveraged to evade network security controls. As a result, in 2014 the earlier allowance for overflowing the IPv6 header chain beyond the first fragment became forbidden in order to avoid some very pathological fragmentation cases.<ref name=rfc7112/> Additionally, as a result of research on the evasion of Router Advertisement Guard,~~<ref name=rfc7113>~~{{~~Cite~~Ref ~~IETF~~RFC\|~~rfc=~~7113 ~~\|title=Implementation Advice for IPv6 Router Advertisement Guard (RA-Guard) \|author=F. Gont \|date=February 2014~~}}~~</ref>~~ the use of fragmentation with neighbor discovery is deprecated, and the use of fragmentation with [[Secure Neighbor Discovery]] (SEND) is discouraged.~~<ref name=rfc6980>~~{{~~Cite~~Ref ~~IETF~~RFC\|~~rfc=~~6980 ~~\|title=Security Implications of IPv6 Fragmentation with IPv6 Neighbor Discovery\|author=F. Gont \|date=August 2013~~}}~~</ref>~~ ==References==

IPv6 packet: Difference between revisions