IETF Logo Mail Archive

Re: RFC 8201 Packet Too Big Processing

Tom Herbert <tom@herbertland.com> Mon, 20 April 2020 17:45 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D47B3A0C2B for <ipv6@ietfa.amsl.com>; Mon, 20 Apr 2020 10:45:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.003
X-Spam-Level:
X-Spam-Status: No, score=0.003 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cn0UjVdmsM60 for <ipv6@ietfa.amsl.com>; Mon, 20 Apr 2020 10:44:54 -0700 (PDT)
Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77EC43A0B69 for <6man@ietf.org>; Mon, 20 Apr 2020 10:44:26 -0700 (PDT)
Received: by mail-ej1-x629.google.com with SMTP id q8so8651259eja.2 for <6man@ietf.org>; Mon, 20 Apr 2020 10:44:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=jQGXEUov+W+F9cb1vQvrQB9Ehv5g8IF/1WjVWHnPE8c=; b=cTyTCnhHx4eEN5Pkem1R8Jc/l+gK6OidKfeppUcinkDoIZVhpYOOTvqO8f8fl19bCt dIl/DxgUcBBZ63v5k2iLt8zRzqzpiCzuGF3BKx7JgHZKAPxXYeK970P0ghBwZBAzLpX7 l3rdIpnJKQqtrOXw5D1GFG4obpsZLlbpUrXVf9pfNypxHNSDOhMwWKvpzn2JlvnNJKuJ yye6lPhtSiX/y04JG5n0dpmqXOiRaAiwVKf0XwBriqfYUBhm8KzvB4YDwdWZybrOoyf+ oXBASgImKddlxokfgbnCD4nELYNUxCzIxpLXaUg6as5vuumE7R25Vs8R1uij+BOZ31tb zarA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=jQGXEUov+W+F9cb1vQvrQB9Ehv5g8IF/1WjVWHnPE8c=; b=NHiH+CbUkU5vRduKrTRxtveXkCTkJH+glI0F+0AGJd+Pd6duLnzQ0DP+1Q9Loq1/5u ytSvJQJHd3HS1CVafgrD/MLtxOQ4Za5fn/MKDatlbjcAgtmnN1wpzmpXJcXk32iVoVnl JkvyssgOtKQ7IzDR9lwosDguuTP/idZwgGV7WLdnvSqUihYKMuvnE1FSE8P4oszjNzIc KRteG36mkN8tnl3tjH1HPYcARLEJC8ps9EH96faNp0jAXvwFtTFpGtWJQcSu4QIDpUsO A2XaXzBh0ehP64gqiHGXosQg2idxBMPX9HEu8ZvgPJNR4yz+JLlnNSbHb2pimOpFOo0N w9Jw==
X-Gm-Message-State: AGi0PuZGu8Amr1u0wvJbnXmtg6V3m9mEQHCutgWf2+sn2ftTYEuMiu0w wixHp71fspzGdBAse4FcuUNhnmD2YT1w5LbnyaEV+A==
X-Google-Smtp-Source: APiQypIRDMn86eZ7ZscrtTl96SrWBwepLUk2H70uiz6F3bAIbfFsoD9TzXPQ9WeF/gLZturlrTw9gk6ruyZ7UCEZoXs=
X-Received: by 2002:a17:906:9450:: with SMTP id z16mr16701787ejx.166.1587404664032; Mon, 20 Apr 2020 10:44:24 -0700 (PDT)
MIME-Version: 1.0
References: <CAB-aFv8wVjcXB73wLrBupbq3XLdmdMWE9i-8+TwHfYQE6V52_w@mail.gmail.com> <a878bb68-38a9-0c0e-0006-c7830122cdee@si6networks.com> <CAB-aFv_h=f7t7cSro+GWttzK_cWm8H0-cN0CFt_KC74rqK_SUw@mail.gmail.com> <9bbd5fa4-c00f-3be1-9e09-a7299ce2b9dc@si6networks.com> <CAB-aFv8LPw+wEBaDYSB60Fgc=8kjAyu+wV66Ps0qV9CzG2j=rA@mail.gmail.com> <8b68f065-ff5f-9444-85fe-792045eb6529@si6networks.com> <CAB-aFv9nvP_EJJvKkRPFNZ6OAQ8YHr+oz6wbph+vp4092-VoeA@mail.gmail.com> <CAB-aFv_x3TXk-H-LH3+KY-vxYuGyjQWX5RxqWOM7c=vbTs96VA@mail.gmail.com> <CAMGpriW8MR-KA8+bTKH7bDZpAQcynJyKunqTz2ya4i8-F4hocw@mail.gmail.com> <CAJgLMKt4cj-Tr2uT5T_2mmmnKV7tamVoUCZ3_R4jkdXvTQMz3Q@mail.gmail.com> <06CD5D65-13A7-4F5C-80F1-75809ABDC249@gmail.com> <CAJgLMKvPi9ywqFhK5Pnu_Hij=7R7eHMzmfEEGciEJC=Gdeg2cA@mail.gmail.com>
In-Reply-To: <CAJgLMKvPi9ywqFhK5Pnu_Hij=7R7eHMzmfEEGciEJC=Gdeg2cA@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Mon, 20 Apr 2020 10:44:12 -0700
Message-ID: <CALx6S36LOeiMwdUjEE1YZu0BdkGS_BdT6yucbusSfVp8feHofw@mail.gmail.com>
Subject: Re: RFC 8201 Packet Too Big Processing
To: Timothy Winters <tim@qacafe.com>
Cc: Bob Hinden <bob.hinden@gmail.com>, 6MAN <6man@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/8CI8SO10Z_RZvSEiYxpmtkB6xJQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Apr 2020 17:45:09 -0000

On Mon, Apr 20, 2020 at 10:14 AM Timothy Winters <tim@qacafe.com> wrote:
>
> Hi Bob,
>
> Thanks for the clarity, I couldn't find that line earlier.  I think this means that Linux is currently not following this line and processing the PTB.
>
Timothy,

Yes, Linux does not check the MTU value in the PTB message, it sets
PMTU to the maximum of 1280 and the received value. I'll propose a fix
on netdev list shortly.

Tom

> ~Tim
>
> On Mon, Apr 20, 2020 at 12:35 PM Bob Hinden <bob.hinden@gmail.com> wrote:
>>
>> Tim,
>>
>> RFC8201 is very clear on this, from Section 4:
>>
>>    If a node receives a Packet Too Big message reporting a next-hop MTU
>>    that is less than the IPv6 minimum link MTU, it must discard it.  A
>>    node must not reduce its estimate of the Path MTU below the IPv6
>>    minimum link MTU on receipt of a Packet Too Big message.
>>
>> Bob
>>
>>
>>
>> > On Apr 20, 2020, at 9:10 AM, Timothy Winters <tim@qacafe.com> wrote:
>> >
>> > Hi Erik,
>> >
>> > So I think the confusion comes from this line in 8021.
>> >
>> > "The recommendation in the previous bullet ensures that there are
>> >       no longer any valid reasons for ICMPv6 PTB error messages
>> >       reporting an MTU value smaller than the minimum IPv6 MTU
>> >       (1280 bytes).  IPv6 nodes should therefore be updated to ignore
>> >       ICMPv6 PTB error messages reporting an MTU smaller than 1280 bytes
>> >       as invalid."
>> >
>> > So devices should ignore ICMPv6 PTB if smaller then 1280 based on this reading.
>> >
>> > ~Tim
>> >
>> > On Sat, Apr 18, 2020 at 7:38 PM Erik Kline <ek.ietf@gmail.com> wrote:
>> > If the host downgrades the path mtu to 1280 (and no lower), that seems fine to me.
>> > 8201 section 3:
>> >
>> > """
>> >    Alternatively, the node may elect to end the discovery process by
>> >    ceasing to send packets larger than the IPv6 minimum link MTU.
>> > """
>> >
>> > And later on:
>> >
>> > """
>> >    The node then uses the value in the MTU field in the Packet Too Big
>> >    message as a tentative PMTU value or the IPv6 minimum link MTU if
>> >    that is larger, and compares the tentative PMTU to the existing PMTU.
>> > """
>> >
>> > I think the "it" that is to be discarded is likely not clear..  If a node discards the whole packet then no new MTU information can be learned.  Rather, the "it" is the MTU value in the PTB and discarding /that/ and using IPv6 MTU instead seems perfectly reasonable to me and allowed by the text..
>> >
>> > On Fri, Apr 10, 2020 at 1:17 PM Timothy Carlin <tjcarlin@iol.unh.edu> wrote:
>> > On Fri, Apr 10, 2020 at 2:33 PM Timothy Carlin <tjcarlin@iol.unh.edu> wrote:
>> > On Fri, Apr 10, 2020 at 2:20 PM Fernando Gont <fgont@si6networks.com> wrote:
>> > On 10/4/20 14:36, Timothy Carlin wrote:
>> > > On Fri, Apr 10, 2020 at 1:27 PM Fernando Gont <fgont@si6networks.com
>> > > <mailto:fgont@si6networks.com>> wrote:
>> > >
>> > >     On 10/4/20 14:19, Timothy Carlin wrote:
>> > >      > Hi Fernando,
>> > >      >
>> > >      > On Fri, Apr 10, 2020 at 1:14 PM Fernando Gont
>> > >     <fgont@si6networks.com <mailto:fgont@si6networks.com>
>> > >      > <mailto:fgont@si6networks.com <mailto:fgont@si6networks.com>>> wrote:
>> > >      >
>> > >      >     Hello, Tim,
>> > >      >
>> > >      >     On 10/4/20 14:07, Timothy Carlin wrote:
>> > >      >      > Hello,
>> > >      >      >
>> > >      >      > We've noticed during testing for RFC 8200 and 8201 that,
>> > >     for packets
>> > >      >      > larger than 1280, the Linux kernel is processing invalid
>> > >     Packet
>> > >      >     Too Big
>> > >      >      > messages that indicate an MTU less than 1280, and subsequently
>> > >      >      > fragmenting packets to a size of 1280. We've seen this
>> > >     with 4.15
>> > >      >     and 4.18.
>> > >      >      >
>> > >      >      > This is from Section 4 of RFC 8201:
>> > >      >      >
>> > >      >      >  >   If a node receives a Packet Too Big message reporting a
>> > >      >     next-hop MTU
>> > >      >      >  >   that is less than the IPv6 minimum link MTU, it must
>> > >     discard it.
>> > >      >      >
>> > >      >      > Have others noticed this issue with Linux or other OSes?  I'll
>> > >      >     also note
>> > >      >      > that it correctly does not generate an atomic fragment if the
>> > >      >     packet is
>> > >      >      > less than 1280 bytes....
>> > >      >
>> > >      >     I'm trying to understand the scenario...
>> > >      >
>> > >      >     Host sends a packet of size > 1280
>> > >      >     It receives an ICMPv6 PTB < 1280
>> > >      >     And it retransmit the packet as a fragmented packet, where
>> > >     none of the
>> > >      >     fragments is larger than 1280 bytes?
>> > >      >
>> > >      >
>> > >      > This is correct.  Since the ICMPv6 PTB < 1280, and invalid, we would
>> > >      > expect the PTB to be discarded, and subsequent packets (for that
>> > >      > destination) to remain unfragmented.
>> > >
>> > >     Agreed. Unless I'm missing something, there's no point in doing that
>> > >     (at
>> > >     the end of the day, if the offending MTU was < 1280, fragmenting
>> > >     packets
>> > >     at 1280 will be of no use).
>> > >
>> > >     Can you provide the exact kernel version, so I may try to take a
>> > >     look at
>> > >     the kernel code and figure out what's going on?
>> > >
>> > >
>> > > 4.15.0-96-generic and 4.18.0-147 both seem to have this issue.
>> >
>> > Have you tried with newer kernels? e.g., I'm running 5.3.0-42-generic here.
>> >
>> >  I have not.  These were from two relatively new distributions, but apparently are lagging on the kernel version.  I'll try something newer.
>> >
>> > Indications are that this remains broken as of 5.3.0-050300-generic.  Let me know if you want me to try another version.
>> > --------------------------------------------------------------------
>> > IETF IPv6 working group mailing list
>> > ipv6@ietf.org
>> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> > --------------------------------------------------------------------
>> > --------------------------------------------------------------------
>> > IETF IPv6 working group mailing list
>> > ipv6@ietf.org
>> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> > --------------------------------------------------------------------
>> > --------------------------------------------------------------------
>> > IETF IPv6 working group mailing list
>> > ipv6@ietf.org
>> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> > --------------------------------------------------------------------
>>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email