Re: RFC 8201 Packet Too Big Processing
Tom Herbert <tom@herbertland.com> Mon, 20 April 2020 17:45 UTC
Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D47B3A0C2B for <ipv6@ietfa.amsl.com>; Mon, 20 Apr 2020 10:45:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.003
X-Spam-Level:
X-Spam-Status: No, score=0.003 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cn0UjVdmsM60 for <ipv6@ietfa.amsl.com>; Mon, 20 Apr 2020 10:44:54 -0700 (PDT)
Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77EC43A0B69 for <6man@ietf.org>; Mon, 20 Apr 2020 10:44:26 -0700 (PDT)
Received: by mail-ej1-x629.google.com with SMTP id q8so8651259eja.2 for <6man@ietf.org>; Mon, 20 Apr 2020 10:44:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=jQGXEUov+W+F9cb1vQvrQB9Ehv5g8IF/1WjVWHnPE8c=; b=cTyTCnhHx4eEN5Pkem1R8Jc/l+gK6OidKfeppUcinkDoIZVhpYOOTvqO8f8fl19bCt dIl/DxgUcBBZ63v5k2iLt8zRzqzpiCzuGF3BKx7JgHZKAPxXYeK970P0ghBwZBAzLpX7 l3rdIpnJKQqtrOXw5D1GFG4obpsZLlbpUrXVf9pfNypxHNSDOhMwWKvpzn2JlvnNJKuJ yye6lPhtSiX/y04JG5n0dpmqXOiRaAiwVKf0XwBriqfYUBhm8KzvB4YDwdWZybrOoyf+ oXBASgImKddlxokfgbnCD4nELYNUxCzIxpLXaUg6as5vuumE7R25Vs8R1uij+BOZ31tb zarA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=jQGXEUov+W+F9cb1vQvrQB9Ehv5g8IF/1WjVWHnPE8c=; b=NHiH+CbUkU5vRduKrTRxtveXkCTkJH+glI0F+0AGJd+Pd6duLnzQ0DP+1Q9Loq1/5u ytSvJQJHd3HS1CVafgrD/MLtxOQ4Za5fn/MKDatlbjcAgtmnN1wpzmpXJcXk32iVoVnl JkvyssgOtKQ7IzDR9lwosDguuTP/idZwgGV7WLdnvSqUihYKMuvnE1FSE8P4oszjNzIc KRteG36mkN8tnl3tjH1HPYcARLEJC8ps9EH96faNp0jAXvwFtTFpGtWJQcSu4QIDpUsO A2XaXzBh0ehP64gqiHGXosQg2idxBMPX9HEu8ZvgPJNR4yz+JLlnNSbHb2pimOpFOo0N w9Jw==
X-Gm-Message-State: AGi0PuZGu8Amr1u0wvJbnXmtg6V3m9mEQHCutgWf2+sn2ftTYEuMiu0w wixHp71fspzGdBAse4FcuUNhnmD2YT1w5LbnyaEV+A==
X-Google-Smtp-Source: APiQypIRDMn86eZ7ZscrtTl96SrWBwepLUk2H70uiz6F3bAIbfFsoD9TzXPQ9WeF/gLZturlrTw9gk6ruyZ7UCEZoXs=
X-Received: by 2002:a17:906:9450:: with SMTP id z16mr16701787ejx.166.1587404664032; Mon, 20 Apr 2020 10:44:24 -0700 (PDT)
MIME-Version: 1.0
References: <CAB-aFv8wVjcXB73wLrBupbq3XLdmdMWE9i-8+TwHfYQE6V52_w@mail.gmail.com> <a878bb68-38a9-0c0e-0006-c7830122cdee@si6networks.com> <CAB-aFv_h=f7t7cSro+GWttzK_cWm8H0-cN0CFt_KC74rqK_SUw@mail.gmail.com> <9bbd5fa4-c00f-3be1-9e09-a7299ce2b9dc@si6networks.com> <CAB-aFv8LPw+wEBaDYSB60Fgc=8kjAyu+wV66Ps0qV9CzG2j=rA@mail.gmail.com> <8b68f065-ff5f-9444-85fe-792045eb6529@si6networks.com> <CAB-aFv9nvP_EJJvKkRPFNZ6OAQ8YHr+oz6wbph+vp4092-VoeA@mail.gmail.com> <CAB-aFv_x3TXk-H-LH3+KY-vxYuGyjQWX5RxqWOM7c=vbTs96VA@mail.gmail.com> <CAMGpriW8MR-KA8+bTKH7bDZpAQcynJyKunqTz2ya4i8-F4hocw@mail.gmail.com> <CAJgLMKt4cj-Tr2uT5T_2mmmnKV7tamVoUCZ3_R4jkdXvTQMz3Q@mail.gmail.com> <06CD5D65-13A7-4F5C-80F1-75809ABDC249@gmail.com> <CAJgLMKvPi9ywqFhK5Pnu_Hij=7R7eHMzmfEEGciEJC=Gdeg2cA@mail.gmail.com>
In-Reply-To: <CAJgLMKvPi9ywqFhK5Pnu_Hij=7R7eHMzmfEEGciEJC=Gdeg2cA@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Mon, 20 Apr 2020 10:44:12 -0700
Message-ID: <CALx6S36LOeiMwdUjEE1YZu0BdkGS_BdT6yucbusSfVp8feHofw@mail.gmail.com>
Subject: Re: RFC 8201 Packet Too Big Processing
To: Timothy Winters <tim@qacafe.com>
Cc: Bob Hinden <bob.hinden@gmail.com>, 6MAN <6man@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/8CI8SO10Z_RZvSEiYxpmtkB6xJQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Apr 2020 17:45:09 -0000
On Mon, Apr 20, 2020 at 10:14 AM Timothy Winters <tim@qacafe.com> wrote: > > Hi Bob, > > Thanks for the clarity, I couldn't find that line earlier. I think this means that Linux is currently not following this line and processing the PTB. > Timothy, Yes, Linux does not check the MTU value in the PTB message, it sets PMTU to the maximum of 1280 and the received value. I'll propose a fix on netdev list shortly. Tom > ~Tim > > On Mon, Apr 20, 2020 at 12:35 PM Bob Hinden <bob.hinden@gmail.com> wrote: >> >> Tim, >> >> RFC8201 is very clear on this, from Section 4: >> >> If a node receives a Packet Too Big message reporting a next-hop MTU >> that is less than the IPv6 minimum link MTU, it must discard it. A >> node must not reduce its estimate of the Path MTU below the IPv6 >> minimum link MTU on receipt of a Packet Too Big message. >> >> Bob >> >> >> >> > On Apr 20, 2020, at 9:10 AM, Timothy Winters <tim@qacafe.com> wrote: >> > >> > Hi Erik, >> > >> > So I think the confusion comes from this line in 8021. >> > >> > "The recommendation in the previous bullet ensures that there are >> > no longer any valid reasons for ICMPv6 PTB error messages >> > reporting an MTU value smaller than the minimum IPv6 MTU >> > (1280 bytes). IPv6 nodes should therefore be updated to ignore >> > ICMPv6 PTB error messages reporting an MTU smaller than 1280 bytes >> > as invalid." >> > >> > So devices should ignore ICMPv6 PTB if smaller then 1280 based on this reading. >> > >> > ~Tim >> > >> > On Sat, Apr 18, 2020 at 7:38 PM Erik Kline <ek.ietf@gmail.com> wrote: >> > If the host downgrades the path mtu to 1280 (and no lower), that seems fine to me. >> > 8201 section 3: >> > >> > """ >> > Alternatively, the node may elect to end the discovery process by >> > ceasing to send packets larger than the IPv6 minimum link MTU. >> > """ >> > >> > And later on: >> > >> > """ >> > The node then uses the value in the MTU field in the Packet Too Big >> > message as a tentative PMTU value or the IPv6 minimum link MTU if >> > that is larger, and compares the tentative PMTU to the existing PMTU. >> > """ >> > >> > I think the "it" that is to be discarded is likely not clear.. If a node discards the whole packet then no new MTU information can be learned. Rather, the "it" is the MTU value in the PTB and discarding /that/ and using IPv6 MTU instead seems perfectly reasonable to me and allowed by the text.. >> > >> > On Fri, Apr 10, 2020 at 1:17 PM Timothy Carlin <tjcarlin@iol.unh.edu> wrote: >> > On Fri, Apr 10, 2020 at 2:33 PM Timothy Carlin <tjcarlin@iol.unh.edu> wrote: >> > On Fri, Apr 10, 2020 at 2:20 PM Fernando Gont <fgont@si6networks.com> wrote: >> > On 10/4/20 14:36, Timothy Carlin wrote: >> > > On Fri, Apr 10, 2020 at 1:27 PM Fernando Gont <fgont@si6networks.com >> > > <mailto:fgont@si6networks.com>> wrote: >> > > >> > > On 10/4/20 14:19, Timothy Carlin wrote: >> > > > Hi Fernando, >> > > > >> > > > On Fri, Apr 10, 2020 at 1:14 PM Fernando Gont >> > > <fgont@si6networks.com <mailto:fgont@si6networks.com> >> > > > <mailto:fgont@si6networks.com <mailto:fgont@si6networks.com>>> wrote: >> > > > >> > > > Hello, Tim, >> > > > >> > > > On 10/4/20 14:07, Timothy Carlin wrote: >> > > > > Hello, >> > > > > >> > > > > We've noticed during testing for RFC 8200 and 8201 that, >> > > for packets >> > > > > larger than 1280, the Linux kernel is processing invalid >> > > Packet >> > > > Too Big >> > > > > messages that indicate an MTU less than 1280, and subsequently >> > > > > fragmenting packets to a size of 1280. We've seen this >> > > with 4.15 >> > > > and 4.18. >> > > > > >> > > > > This is from Section 4 of RFC 8201: >> > > > > >> > > > > > If a node receives a Packet Too Big message reporting a >> > > > next-hop MTU >> > > > > > that is less than the IPv6 minimum link MTU, it must >> > > discard it. >> > > > > >> > > > > Have others noticed this issue with Linux or other OSes? I'll >> > > > also note >> > > > > that it correctly does not generate an atomic fragment if the >> > > > packet is >> > > > > less than 1280 bytes.... >> > > > >> > > > I'm trying to understand the scenario... >> > > > >> > > > Host sends a packet of size > 1280 >> > > > It receives an ICMPv6 PTB < 1280 >> > > > And it retransmit the packet as a fragmented packet, where >> > > none of the >> > > > fragments is larger than 1280 bytes? >> > > > >> > > > >> > > > This is correct. Since the ICMPv6 PTB < 1280, and invalid, we would >> > > > expect the PTB to be discarded, and subsequent packets (for that >> > > > destination) to remain unfragmented. >> > > >> > > Agreed. Unless I'm missing something, there's no point in doing that >> > > (at >> > > the end of the day, if the offending MTU was < 1280, fragmenting >> > > packets >> > > at 1280 will be of no use). >> > > >> > > Can you provide the exact kernel version, so I may try to take a >> > > look at >> > > the kernel code and figure out what's going on? >> > > >> > > >> > > 4.15.0-96-generic and 4.18.0-147 both seem to have this issue. >> > >> > Have you tried with newer kernels? e.g., I'm running 5.3.0-42-generic here. >> > >> > I have not. These were from two relatively new distributions, but apparently are lagging on the kernel version. I'll try something newer. >> > >> > Indications are that this remains broken as of 5.3.0-050300-generic. Let me know if you want me to try another version. >> > -------------------------------------------------------------------- >> > IETF IPv6 working group mailing list >> > ipv6@ietf.org >> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> > -------------------------------------------------------------------- >> > -------------------------------------------------------------------- >> > IETF IPv6 working group mailing list >> > ipv6@ietf.org >> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> > -------------------------------------------------------------------- >> > -------------------------------------------------------------------- >> > IETF IPv6 working group mailing list >> > ipv6@ietf.org >> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> > -------------------------------------------------------------------- >> > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > --------------------------------------------------------------------
- RFC 8201 Packet Too Big Processing Timothy Carlin
- Re: RFC 8201 Packet Too Big Processing Fernando Gont
- Re: RFC 8201 Packet Too Big Processing Timothy Carlin
- Re: RFC 8201 Packet Too Big Processing Fernando Gont
- Re: RFC 8201 Packet Too Big Processing Timothy Carlin
- Re: RFC 8201 Packet Too Big Processing Fernando Gont
- Re: RFC 8201 Packet Too Big Processing Timothy Carlin
- Re: RFC 8201 Packet Too Big Processing Timothy Carlin
- Re: RFC 8201 Packet Too Big Processing Erik Kline
- Re: RFC 8201 Packet Too Big Processing Timothy Winters
- Re: RFC 8201 Packet Too Big Processing Bob Hinden
- Re: RFC 8201 Packet Too Big Processing Timothy Winters
- Re: RFC 8201 Packet Too Big Processing Tom Herbert