In message <[email protected]>, Fernando Gont writes: > Hi, Mark, > > On 12/21/2011 11:02 AM, Mark Andrews wrote: > >> Such traffic absolutely occurs in the wild. I have three reasonably > >> busy name servers where this is logged as an error from the ipfw code, > >> e.g. > >> > >> Dec 16 14:04:04 slem kernel: IPFW2: IPV6 - Invalid Fragment Header > >> Dec 17 00:27:20 slem kernel: IPFW2: IPV6 - Invalid Fragment Header > [....] > >> > >> This is because these name servers haven't (yet) been upgraded to a > >> FreeBSD version where bug report kern/145733 haven't been fixed. It > >> *is* fixed in newer FreeBSD versions, e.g. 8.2-STABLE. > > > > Not yet. > > http://svnweb.freebsd.org/base/stable/8/sys/netinet/ipfw/ip_fw2.c?view=log > > Is the aforementioned traffic the result of an implementation of your > proposal for for DNS/UDP?
No. I haven't fiddled with any kernel code to do this. I could do it with raw sockets but I havn't done so. The following should work. Bind to a socket so reply traffic is handled then use that socket's port and address to construct a packet with a fragment header to send using the raw socket. My main worry is getting DNS/UDP fragmented at IPv6 minumum MTU as that is not being done today despite the being a API to do it and as a result I'm seeing lookup failures. Forcing the addition of a fragment header is dotting the i's and crossing the t's. The above fix should have been merged by now if the MFC in 2 weeks had been heeded. 8-stable is still FreeBSD's latest stable branch. 9.0 is still at release candidate. Mark > If that's the case, what's the interface that you use for forcing the > atomic fragments? > > Thanks, > -- > Fernando Gont > SI6 Networks > e-mail: [email protected] > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 > > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > [email protected] > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
