Date: Fri, 19 Feb 2021 20:32:55 -0800 From: Doug Hardie <bc979@lafn.org> To: "net@freebsd.org" <net@FreeBSD.org> Subject: Re: IPv6 Fragmentation Message-ID: <A01F640F-E412-474C-A34C-19B7219BD84D@sermon-archive.info> In-Reply-To: <472A2B49-9BEC-4335-B6FB-AC4DAA0F0310@lurchi.franken.de> References: <CB0FB5AB-5A37-4C40-A103-3E0D97CEA6B9@sermon-archive.info> <472A2B49-9BEC-4335-B6FB-AC4DAA0F0310@lurchi.franken.de>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 19 February 2021, at 01:48, Michael Tuexen = <michael.tuexen@lurchi.franken.de> wrote: >=20 >> On 19. Feb 2021, at 03:29, Doug Hardie <bc979@lafn.org> wrote: >>=20 >> I don't know if this is a feature or a bug. On FreeBSD 9, the = following ping worked: >>=20 >> ping6 -s 5000 -b 6000 fe80::213:72ff:fec3:180f%dc0 > I don't have a dc0 interface, but using re0 at one side and bge at the = other, I get > with FreeBSD CURRENT: > tuexen@cirrus:~ % ping6 -s 5000 -b 6000 fe80::2e09:4dff:fe00:c00%re0 > PING6(5048=3D40+8+5000 bytes) fe80::aaa1:59ff:fe0c:da92%re0 --> = fe80::2e09:4dff:fe00:c00%re0 > 5008 bytes from fe80::2e09:4dff:fe00:c00%re0, icmp_seq=3D0 hlim=3D255 = time=3D0.393 ms > 5008 bytes from fe80::2e09:4dff:fe00:c00%re0, icmp_seq=3D1 hlim=3D255 = time=3D0.419 ms > 5008 bytes from fe80::2e09:4dff:fe00:c00%re0, icmp_seq=3D2 hlim=3D255 = time=3D0.354 ms > 5008 bytes from fe80::2e09:4dff:fe00:c00%re0, icmp_seq=3D3 hlim=3D255 = time=3D0.446 ms > 5008 bytes from fe80::2e09:4dff:fe00:c00%re0, icmp_seq=3D4 hlim=3D255 = time=3D0.421 ms > 5008 bytes from fe80::2e09:4dff:fe00:c00%re0, icmp_seq=3D5 hlim=3D255 = time=3D0.372 ms > ^C > --- fe80::2e09:4dff:fe00:c00%re0 ping6 statistics --- > 6 packets transmitted, 6 packets received, 0.0% packet loss > round-trip min/avg/max/std-dev =3D 0.354/0.401/0.446/0.031 ms >=20 > Best regards > Michael >>=20 >> It had to be stopped, but it returned the number of ping responses = received along with statistics. >>=20 >> With FreeBSD 12.2 and 13.0-BETA2, it returns 100% packet loss. = tcpdump shows that it properly fragments the data, sends it, the other = end receives it and sends back the ACKs. The ACKs are received, but = somehow ping doesn't find out that the packets were received. >>=20 >> Without the -s and -b arguments, it works and you get 100% packets = received. I found the problem. pf does not handle IPv6 packets that are = fragmented the obvious way. I suspect it is because icmp header is only = in the first fragment. I had to reassemble fragments in pf in order to = make the large pings work. -- Doug
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A01F640F-E412-474C-A34C-19B7219BD84D>