The Linux IPv6 stack seems to have a problem receiving ICMP6 packets if
the IPv6 packet contains a fragment header but is not fragmented
(i.e. the entire packet is in _one_ fragment).
It seems only to be a problem with ICMP6 - having an "unused" fragment
header in a TCP-packet does not seem to give any problems.
I have tested this with kernel 2.2.14 and 2.3.99-pre5, using ICMP6
echo-request and ICMP6 echo reply.
To illustrate:
+--------+
|IPv6 hdr+
+--------+
| ICMP6 +
+--------+
Fig 1: A "normal" echo request, which is accepted:
+-------------+
| IPv6 hdr +
+-------------+
|Fragment hdr +
+-------------+
| ICMP6 +
+-------------+
Fig 2: A "one-fragment" echo request, which is *not* accepted:
Now, before you scream "why on earth would you put a fragment header
on a non-fragmented packet", I better explain my background.
I'm writing a NAT-PT translator (RFC-2766) for the Telebit router, and
the Protocol Translation part (defined in RFC-2765) defines
translation of IP/ICMP in the following way:
[...] IPv4 packets with DF not set will always result in a fragment
header being added to the [IPv6] packet [...]
In other words: The value of the DF (Don't Fragment) bit in the IPv4
header is translated to the existence/non-existence of a
fragment-header in IPv6.
Now, when I send an echo-request through the NAT-PT, the following
happens on Linux (the full packets are included at the end of this mail):
1 0.000000 3ffe:110:0:1::c0a8:a842 -> 3ffe:110:0:1::c0a8:a835 ICMPv6 Echo request
2 6.456773 3ffe:110:0:1::c0a8:a835 -> 3ffe:110:0:1::c0a8:a842 ICMPv6 Time exceeded (Reassembly)
My guess is that the following happens in the Linux IPv6 stack:
* Linux receives the echo-request.
* Linux notes the fragmentation header, and calls a defragmentation routine.
* The defragmentation routine waits for more packets, without checking
first if all fragments are already received.
* Defragmentation times out, and sends an ICMP6 Time exceeded.
But then I don't know why IPv6-TCP is unaffected by one-piece packets
with a fragmentation header.
I hope someone on this list knows the IPv6 networking code well enough
to find an explanation and hopefully a bugfix.
/ric
**************************************************************************
*** The following are the ICMP6 echo-request and Time exceeded packets ***
**************************************************************************
Frame 1 (126 on wire, 126 captured)
Arrival Time: Apr 18, 2000 10:27:19.3065
Time delta from previous packet: 0.000000 seconds
Frame Number: 1
Packet Length: 126 bytes
Capture Length: 126 bytes
Ethernet II
Destination: 00:10:4b:3d:d2:72 (Richard)
Source: 00:c0:33:0c:00:16 (Telebit_0c:00:16)
Type: IPv6 (0x86dd)
Internet Protocol Version 6
Version: 6
Traffic class: 0x00
Flowlabel: 0x00000
Payload length: 72
Next header: IPv6 fragment (0x2c)
Hop limit: 63
Source address: 3ffe:110:0:1::c0a8:a842
Destination address: 3ffe:110:0:1::c0a8:a835
IPv6 fragment
Next header: ICMPv6 (0x3a)
Fragment offset: 0
More fragments: Not set
Identification: 0xea50
Internet Control Message Protocol v6
Type: 0x80 (Echo request)
Checksum: 0xe989
ID: 0xb472
Sequence: 0x0000
Data (56 bytes)
Frame 2 (174 on wire, 174 captured)
Arrival Time: Apr 18, 2000 10:27:25.7633
Time delta from previous packet: 6.456773 seconds
Frame Number: 2
Packet Length: 174 bytes
Capture Length: 174 bytes
Ethernet II
Destination: 00:c0:33:0c:00:16 (Telebit_0c:00:16)
Source: 00:10:4b:3d:d2:72 (Richard)
Type: IPv6 (0x86dd)
Internet Protocol Version 6
Version: 6
Traffic class: 0x00
Flowlabel: 0x00000
Payload length: 120
Next header: ICMPv6 (0x3a)
Hop limit: 64
Source address: 3ffe:110:0:1::c0a8:a835
Destination address: 3ffe:110:0:1::c0a8:a842
Internet Control Message Protocol v6
Type: 0x03 (Time exceeded)
Code: 0x01 (Reassembly)
Checksum: 0xf792
Internet Protocol Version 6
Version: 6
Traffic class: 0x00
Flowlabel: 0x00000
Payload length: 72
Next header: IPv6 fragment (0x2c)
Hop limit: 254
Source address: 3ffe:110:0:1::c0a8:a842
Destination address: 3ffe:110:0:1::c0a8:a835
Internet Control Message Protocol v6
Type: 0x81 (Echo reply)
Checksum: 0xc3a0
ID: 0x9a03
Sequence: 0x0000
Data (56 bytes)
--
Richard Jørgensen System Developer, M. Sc.
Ericsson Telebit A/S Tel: +45 86 28 81 76
Fabrikvej 11 Fax: +45 86 28 81 86
DK-8260 Viby J, Denmark E-mail: ric@xxxxxxx
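
Added example (not part of the original message and not Linux kernel code): the check the message suspects is missing, written as a stand-alone C parser. A fragment header with offset 0 and the M flag clear describes a packet that is already complete, so it needs no reassembly queue or timer. The names classify_ipv6 and build_sample are hypothetical, and the sample packet is constructed from the Frame 1 fields with addresses and data zeroed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define NEXTHDR_FRAGMENT 0x2c   /* "Next header: IPv6 fragment" in Frame 1 */
#define NEXTHDR_ICMPV6   0x3a

enum frag_class { MALFORMED, NOT_FRAGMENTED, SINGLE_FRAGMENT, NEEDS_REASSEMBLY };
/* Hypothetical helper: classify a raw IPv6 packet (starting at the IPv6 header).
 * For NOT_FRAGMENTED and SINGLE_FRAGMENT, *upper gets the upper-layer protocol. */
enum frag_class classify_ipv6(const uint8_t *pkt, size_t len, uint8_t *upper)
{
    if (len < 40 || (pkt[0] >> 4) != 6)
        return MALFORMED;
    size_t payload = ((size_t)pkt[4] << 8) | pkt[5];
    if (payload > len - 40)
        return MALFORMED;                 /* header claims more than we hold */
    if (pkt[6] != NEXTHDR_FRAGMENT) {
        *upper = pkt[6];
        return NOT_FRAGMENTED;
    }
    if (payload < 8)
        return MALFORMED;                 /* no room for the fragment header */
    const uint8_t *fh = pkt + 40;
    unsigned off_flags = ((unsigned)fh[2] << 8) | fh[3];
    unsigned offset = off_flags >> 3;     /* fragment offset, 8-byte units */
    unsigned more = off_flags & 1;        /* M ("More fragments") flag */
    if (offset == 0 && !more) {
        *upper = fh[0];                   /* first and last fragment at once */
        return SINGLE_FRAGMENT;
    }
    return NEEDS_REASSEMBLY;
}

/* Constructed sample modelled on Frame 1; addresses and data left zeroed. */
size_t build_sample(uint8_t buf[112], int more_fragments)
{
    memset(buf, 0, 112);
    buf[0] = 0x60;                        /* version 6 */
    buf[5] = 72;                          /* payload length */
    buf[6] = NEXTHDR_FRAGMENT;
    buf[7] = 63;                          /* hop limit */
    buf[40] = NEXTHDR_ICMPV6;             /* fragment header: next header */
    buf[43] = more_fragments ? 1 : 0;     /* offset 0, M flag */
    buf[46] = 0xea; buf[47] = 0x50;       /* identification 0xea50 */
    buf[48] = 0x80;                       /* ICMPv6 echo request */
    return 112;
}

int main(void) { uint8_t b[112], up; return classify_ipv6(b, build_sample(b, 0), &up) != SINGLE_FRAGMENT; }
```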