17.7 Legacy Series / Failed: IPv6 fragmented packet delivery
« on: October 14, 2017, 08:14:17 am »
Greetings,
In the United States using Xfinity Internet I see failed IP fragmented packet delivery over IPv6 using OPNsense 17.7.5.
You can run a test here:
http://icmpcheckv6.popcount.org/
Reference:
https://blog.cloudflare.com/ip-fragmentation-is-broken/
Could someone else using OPNsense 17.7.x with an IPv6 connection run the test at http://icmpcheckv6.popcount.org/ and report your results? Specifically I see:
Quote
IP fragmented packet delivery
✗ The request timed out. Looks like IP fragments failed to be delivered to you.
If I use curl + tcpdump I see:
Code:
curl -v -s http://icmpcheckv6.popcount.org/frag -o /dev/null
* Trying 2a01:7e01::f03c:91ff:fe16:a2e9...
* TCP_NODELAY set
* Connected to icmpcheckv6.popcount.org (2a01:7e01::f03c:91ff:fe16:a2e9) port 80 (#0)
> GET /frag HTTP/1.1
> Host: icmpcheckv6.popcount.org
> User-Agent: curl/7.55.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sat, 14 Oct 2017 05:49:38 GMT
< Content-Type: text/plain; charset=utf-8
< Connection: close
< Transfer-Encoding: chunked
<
{ [14 bytes data]
* Recv failure: Connection reset by peer
* stopped the pause stream!
* Closing connection 0
Code:
tcpdump -ni igb0 '(ip[6] & (1<<5)) != 0 or (ip[7] != 0) or (ip[6] & ((1<<5)-1) != 0) or ip6[6] == 44'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:49:38.585841 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 87111905:87112385, ack 4046851107, win 224, options [nop,nop,TS val 1674343770 ecr 2705732609], length 480: HTTP
01:49:38.616794 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 1428:1908, ack 1, win 224, options [nop,nop,TS val 1674343770 ecr 2705732609], length 480: HTTP
01:49:38.647635 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 2856:3336, ack 1, win 224, options [nop,nop,TS val 1674343770 ecr 2705732609], length 480: HTTP
01:49:38.678546 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 4284:4764, ack 1, win 224, options [nop,nop,TS val 1674343770 ecr 2705732609], length 480: HTTP
01:49:38.709258 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 5712:6192, ack 1, win 224, options [nop,nop,TS val 1674343770 ecr 2705732609], length 480: HTTP
01:49:38.739918 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [P.], seq 7140:7620, ack 1, win 224, options [nop,nop,TS val 1674343770 ecr 2705732609], length 480: HTTP
01:49:39.004806 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [P.], seq 7140:7620, ack 1, win 224, options [nop,nop,TS val 1674343896 ecr 2705732747], length 480: HTTP
01:49:39.405000 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 0:480, ack 1, win 224, options [nop,nop,TS val 1674344016 ecr 2705732747], length 480: HTTP
01:49:40.205523 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 0:480, ack 1, win 224, options [nop,nop,TS val 1674344256 ecr 2705732747], length 480: HTTP
01:49:41.805125 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 0:480, ack 1, win 224, options [nop,nop,TS val 1674344736 ecr 2705732747], length 480: HTTP
01:49:45.111728 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 0:480, ack 1, win 224, options [nop,nop,TS val 1674345728 ecr 2705732747], length 480: HTTP
01:49:51.511640 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 0:480, ack 1, win 224, options [nop,nop,TS val 1674347648 ecr 2705732747], length 480: HTTP
01:50:04.311778 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 0:480, ack 1, win 224, options [nop,nop,TS val 1674351488 ecr 2705732747], length 480: HTTP
01:50:30.338806 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 0:480, ack 1, win 224, options [nop,nop,TS val 1674359296 ecr 2705732747], length 480: HTTP
01:51:21.539176 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 0:480, ack 1, win 224, options [nop,nop,TS val 1674374656 ecr 2705732747], length 480: HTTP
Thank you!
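
Added example, not part of the original post: a short Python summary of tcpdump text output in the format shown above. It reports which fragment offsets were captured, which first fragments were retransmitted, and how many stream bytes fall between the captured sequence ranges. The function name `summarize` is hypothetical; the sample lines are copied from the capture in the post.

```python
import re
from collections import Counter

# Eight lines copied from the tcpdump capture in the post ("xxx" is the poster's redaction).
SAMPLE = """\
01:49:38.616794 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 1428:1908, ack 1, win 224, options [nop,nop,TS val 1674343770 ecr 2705732609], length 480: HTTP
01:49:38.647635 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 2856:3336, ack 1, win 224, options [nop,nop,TS val 1674343770 ecr 2705732609], length 480: HTTP
01:49:38.678546 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 4284:4764, ack 1, win 224, options [nop,nop,TS val 1674343770 ecr 2705732609], length 480: HTTP
01:49:38.709258 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 5712:6192, ack 1, win 224, options [nop,nop,TS val 1674343770 ecr 2705732609], length 480: HTTP
01:49:38.739918 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [P.], seq 7140:7620, ack 1, win 224, options [nop,nop,TS val 1674343770 ecr 2705732609], length 480: HTTP
01:49:39.004806 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [P.], seq 7140:7620, ack 1, win 224, options [nop,nop,TS val 1674343896 ecr 2705732747], length 480: HTTP
01:49:39.405000 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 0:480, ack 1, win 224, options [nop,nop,TS val 1674344016 ecr 2705732747], length 480: HTTP
01:49:40.205523 IP6 2a01:7e01::f03c:91ff:fe16:a2e9 > xxx: frag (0|512) 80 > 47493: Flags [.], seq 0:480, ack 1, win 224, options [nop,nop,TS val 1674344256 ecr 2705732747], length 480: HTTP
"""

FRAG = re.compile(r"frag \((\d+)\|(\d+)\)")  # tcpdump prints (offset|length)
SEQ = re.compile(r"seq (\d+):(\d+)")         # only offset-0 fragments carry the TCP header


def summarize(capture):
    """Summarize which IPv6 fragments a tcpdump text capture contains."""
    offsets, seqs = Counter(), Counter()
    for line in capture.splitlines():
        frag = FRAG.search(line)
        if not frag:
            continue  # not a fragment line
        offset = int(frag.group(1))
        offsets[offset] += 1
        seq = SEQ.search(line)
        if offset == 0 and seq:
            seqs[(int(seq.group(1)), int(seq.group(2)))] += 1
    ranges = sorted(seqs)
    # Stream bytes between consecutive captured ranges: absent from every captured fragment.
    gaps = [nxt[0] - cur[1] for cur, nxt in zip(ranges, ranges[1:]) if nxt[0] > cur[1]]
    return {
        "offsets": dict(offsets),                              # offset -> packets seen
        "trailing_fragments_seen": any(o > 0 for o in offsets),
        "retransmitted": {r: n for r, n in seqs.items() if n > 1},
        "gaps": gaps,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

On these lines every captured fragment has offset 0, and 948 bytes are missing between each pair of consecutive captured ranges.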