IPv6 Fragmentation

Michael Tuexen Michael.Tuexen at lurchi.franken.de
Sat Feb 20 11:40:21 UTC 2021 

> On 20. Feb 2021, at 05:32, Doug Hardie <bc979 at lafn.org> wrote:
> 
>> On 19 February 2021, at 01:48, Michael Tuexen <michael.tuexen at lurchi.franken.de> wrote:
>> 
>>> On 19. Feb 2021, at 03:29, Doug Hardie <bc979 at lafn.org> wrote:
>>> 
>>> I don't know if this is a feature or a bug.  On FreeBSD 9, the following ping worked:
>>> 
>>> ping6 -s 5000 -b 6000 fe80::213:72ff:fec3:180f%dc0
>> I don't have a dc0 interface, but using re0 at one side and bge at the other, I get
>> with FreeBSD CURRENT:
>> tuexen at cirrus:~ % ping6 -s 5000 -b 6000 fe80::2e09:4dff:fe00:c00%re0
>> PING6(5048=40+8+5000 bytes) fe80::aaa1:59ff:fe0c:da92%re0 --> fe80::2e09:4dff:fe00:c00%re0
>> 5008 bytes from fe80::2e09:4dff:fe00:c00%re0, icmp_seq=0 hlim=255 time=0.393 ms
>> 5008 bytes from fe80::2e09:4dff:fe00:c00%re0, icmp_seq=1 hlim=255 time=0.419 ms
>> 5008 bytes from fe80::2e09:4dff:fe00:c00%re0, icmp_seq=2 hlim=255 time=0.354 ms
>> 5008 bytes from fe80::2e09:4dff:fe00:c00%re0, icmp_seq=3 hlim=255 time=0.446 ms
>> 5008 bytes from fe80::2e09:4dff:fe00:c00%re0, icmp_seq=4 hlim=255 time=0.421 ms
>> 5008 bytes from fe80::2e09:4dff:fe00:c00%re0, icmp_seq=5 hlim=255 time=0.372 ms
>> ^C
>> --- fe80::2e09:4dff:fe00:c00%re0 ping6 statistics ---
>> 6 packets transmitted, 6 packets received, 0.0% packet loss
>> round-trip min/avg/max/std-dev = 0.354/0.401/0.446/0.031 ms
>> 
>> Best regards
>> Michael
>>> 
>>> It had to be stopped, but it returned the number of ping responses received along with statistics.
>>> 
>>> With FreeBSD 12.2 and 13.0-BETA2, it returns 100% packet loss.  tcpdump shows that it properly fragments the data, sends it, the other end receives it and sends back the ACKs.  The ACKs are received, but somehow ping doesn't find out that the packets were received.
>>> 
>>> Without the -s and -b arguments, it works and you get 100% packets received.
> 
> I found the problem.  pf does not handle IPv6 packets that are fragmented the obvious way.  I suspect it is because icmp header is only in the first fragment.  I had to reassemble fragments in pf in order to make the large pings work.
Glad you found the problem. Thanks for letting us know.

Best regards
Michael
> 
> -- Doug
> 
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"

More information about the freebsd-net mailing list