[ipv6hackers] funny FreeBSD bug

Marc Heuse mh at mh-sec.de
Thu Jul 26 17:35:43 CEST 2012

I found a funny bug in freebsd (9.0 with all updates):
if you send an ICMP toobig message to it with a too low MTU size,
FreeBSD will prepend any packet data with an one-shot fragment (or
atomic fragment as Fernando calls it).

  Frag Hdr Offset 0, No more Frags Bit set

to test with the thc-ipv6 package (v1.9):
  toobig6 eth1 freebsd-ipv6-addr your-ipv6-addr 68


Marc Heuse

PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A

More information about the Ipv6hackers mailing list