From nobody Sun Oct 31 02:24:25 2021 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 1325318223E4 for ; Sun, 31 Oct 2021 02:36:13 +0000 (UTC) (envelope-from pmc@citylink.dinoex.sub.org) Received: from uucp.dinoex.org (uucp.dinoex.org [IPv6:2a0b:f840::12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "uucp.dinoex.sub.de", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HhgJr1HX3z4X3N for ; Sun, 31 Oct 2021 02:36:12 +0000 (UTC) (envelope-from pmc@citylink.dinoex.sub.org) Received: from uucp.dinoex.sub.de (uucp.dinoex.org [185.220.148.12]) by uucp.dinoex.org (8.17.1/8.17.1) with ESMTPS id 19V2a4HX045069 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Sun, 31 Oct 2021 03:36:04 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) X-MDaemon-Deliver-To: X-Authentication-Warning: uucp.dinoex.sub.de: Host uucp.dinoex.org [185.220.148.12] claimed to be uucp.dinoex.sub.de Received: (from uucp@localhost) by uucp.dinoex.sub.de (8.17.1/8.17.1/Submit) with UUCP id 19V2a46X045068 for freebsd-stable@freebsd.org; Sun, 31 Oct 2021 03:36:04 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) Received: from gate.intra.daemon.contact (gate-e [192.168.98.2]) by citylink.dinoex.sub.de (8.16.1/8.16.1) with ESMTP id 19V2RHBR067432 for ; Sun, 31 Oct 2021 03:27:17 +0100 (CET) (envelope-from peter@gate.intra.daemon.contact) Received: from gate.intra.daemon.contact (gate-e [192.168.98.2]) by gate.intra.daemon.contact (8.16.1/8.16.1) with ESMTPS id 19V2OPRd066969 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Sun, 31 Oct 2021 03:24:25 +0100 (CET) (envelope-from peter@gate.intra.daemon.contact) Received: (from peter@localhost) by gate.intra.daemon.contact (8.16.1/8.16.1/Submit) id 19V2OPOh066968 for freebsd-stable@freebsd.org; Sun, 31 Oct 2021 03:24:25 +0100 (CET) (envelope-from peter) Date: Sun, 31 Oct 2021 03:24:25 +0100 From: Peter To: freebsd-stable@freebsd.org Subject: IPv6 inflight fragmentation Message-ID: List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Milter: Spamilter (Reciever: uucp.dinoex.sub.de; Sender-ip: 185.220.148.12; Sender-helo: uucp.dinoex.sub.de;) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.4 (uucp.dinoex.org [185.220.148.12]); Sun, 31 Oct 2021 03:36:07 +0100 (CET) X-Rspamd-Queue-Id: 4HhgJr1HX3z4X3N X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of pmc@citylink.dinoex.sub.org has no SPF policy when checking 2a0b:f840::12) smtp.mailfrom=pmc@citylink.dinoex.sub.org X-Spamd-Result: default: False [-2.10 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; TO_DN_NONE(0.00)[]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[4]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_NA(0.00)[sub.org]; R_SPF_NA(0.00)[no SPF record]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:205376, ipnet:2a0b:f840::/32, country:DE]; RCVD_TLS_LAST(0.00)[] X-ThisMailContainsUnwantedMimeParts: N >From what I understood, inflight fragmentation (on an intermediate router) is not practical with IPv6. But it happens: This router has inbound ethernet and outbound PPPoE: vtnet0: flags=8943 metric 0 mtu 1500 tun0: flags=8151 metric 0 mtu 1492 And that's what is transported - Incoming on vtnet0: IP6 2003:e7:1740:a7e0:41d:92ff:fe01:222.20487 > 2a00:1450:4001:67::8.443: Flags [.], seq 0:1428, ack 1, win 1035, options [nop,nop,TS val 2061109754 ecr 739209924], length 1428 IP6 2003:e7:1740:a7e0:41d:92ff:fe01:222.20487 > 2a00:1450:4001:67::8.443: Flags [.], seq 0:1428, ack 1, win 1035, options [nop,nop,TS val 2061113154 ecr 739209924], length 1428 Outgoing on tun0: IP6 2003:e7:1740:a7e0:41d:92ff:fe01:222 > 2a00:1450:4001:67::8: frag (0|1440) 59241 > 443: Flags [.], seq 0:1408, ack 1, win 1035, options [nop,nop,TS val 2312762048 ecr 739149759], length 1408 IP6 2003:e7:1740:a7e0:41d:92ff:fe01:222 > 2a00:1450:4001:67::8: frag (1440|20) IP6 2003:e7:1740:a7e0:41d:92ff:fe01:222 > 2a00:1450:4001:67::8: frag (0|1440) 59243 > 443: Flags [.], seq 1:1409, ack 1, win 1035, options [nop,nop,TS val 3069543472 ecr 739199972], length 1408 IP6 2003:e7:1740:a7e0:41d:92ff:fe01:222 > 2a00:1450:4001:67::8: frag (1440|20) And it doesn't seem like these packets would be answered at all. This happens when there is a dummynet pipe/queue rule (or a divert rule) in the outbound rules to an interface that must reduce the MTU. As soon as we skip over that dummynet (or divert), we get these ICMPv6 messages at the other end, and the fragmentation ceases: 02:59:53.651258 IP6 2003:e7:1740:a7ff::2 > 2003:e7:1740:a7e0:41d:92ff:fe01:222: ICMP6, packet too big, mtu 1492, length 1240 02:59:53.693376 IP6 2003:e7:1740:a7ff::2 > 2003:e7:1740:a7e0:41d:92ff:fe01:222: ICMP6, packet too big, mtu 1492, length 1240 So the problem is with dummynet and divert. Cheerio, PMc