[ipv6hackers] funny FreeBSD bug

Marc Heuse mh at mh-sec.de
Thu Jul 26 22:18:24 CEST 2012

Thank you Simon, even after that many years there is something new to
learn in ipv6 :-)
Current Windows 7 now behaves the same as well, my Linux does not
(Fernado documented that it is in the 3.x kernel though)


Am 26.07.2012 19:36, schrieb Simon Perreault:
> Le 2012-07-26 10:26, Marc Heuse a écrit :
>>> Why do you think it's a bug?
>> first it servs no use to add the fragmentation header if the packet is
>> not fragmented. second I have not seen this behaviour in other OS,
>> however I havent looked for it though.
>>> Seems like normal IPv6 behaviour to me. It's in the RFC...
>> I cant remember having seen this in any rfc - do you have a pointer?
> RFC 2460 section 5:
>    In response to an IPv6 packet that is sent to an IPv4 destination
>    (i.e., a packet that undergoes translation from IPv6 to IPv4), the
>    originating IPv6 node may receive an ICMP Packet Too Big message
>    reporting a Next-Hop MTU less than 1280.  In that case, the IPv6 node
>    is not required to reduce the size of subsequent packets to less than
>    1280, but must include a Fragment header in those packets so that the
>    IPv6-to-IPv4 translating router can obtain a suitable Identification
>    value to use in resulting IPv4 fragments.  Note that this means the
>    payload may have to be reduced to 1232 octets (1280 minus 40 for the
>    IPv6 header and 8 for the Fragment header), and smaller still if
>    additional extension headers are used.
> Simon

Marc Heuse
Mobil: +49 177 9611560
Fax: +49 30 37309726

Marc Heuse - IT-Security Consulting
Winsstr. 68
10405 Berlin

Ust.-Ident.-Nr.: DE244222388
PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A

More information about the Ipv6hackers mailing list