NetBSD-Bugs archive


kern/55654: IP fragment reassembly broken



>Number:         55654
>Category:       kern
>Synopsis:       IP fragment reassembly broken
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Sep 11 09:50:00 +0000 2020
>Originator:     Frank Kardel
>Release:        NetBSD 9.99.72
>Organization:
	
>Environment:
	
	
System: NetBSD gateway 9.99.72 NetBSD 9.99.72 (GENERIC) #0: Thu Sep 10 06:02:30 UTC 2020 mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
	On newer -current kernels IP fragment reassembly fails. IP packets with sizes larger
	than the path MTU never reach the application (e.g. x509 IKEv1 ident packets).

	Statistics indication (netstat -s):
ip:
	20673 total packets received
	0 bad header checksums
	0 with size smaller than minimum
	0 with data size < data length
	0 with length > max ip packet size
	0 with header length < data size
	0 with data length < header length
	0 with bad options
	0 with incorrect version number
>>>	142 fragments received
	0 fragments dropped (dup or out of space)
	0 fragments dropped (out of ipqent)
	0 malformed fragments dropped
>>>!	136 fragments dropped after timeout
	0 packets reassembled ok
	18759 packets for this host
	0 packets for unknown/unsupported protocol
	806 packets forwarded (0 packets fast forwarded)
	28 packets not forwardable
	0 redirects sent
	0 packets no matching gif found
	0 packets no matching ipsecif found
	20750 packets sent from this host
	7 packets sent with fabricated ip header
	0 output packets dropped due to no bufs, etc.
	0 output packets discarded due to no route
	1 output datagram fragmented
	1 fragment created
	4 datagrams that can't be fragmented
	0 datagrams with bad address in header
	938 input packets dropped by pfil
	482 output packets dropped by pfil
	0 input packets dropped by IPsec
	0 output packets dropped by IPsec
	0 input packets dropped due to interface state
	0 packets dropped due to TTL exceeded
	0 output packets dropped (no IP address)
	36 output packets discarded due to reject route
	0 output packets dropped (broadcast prohibited)
>How-To-Repeat:
	run a new -current kernel and try to receive fragmented IP packets
>Fix:
	find the commit that broke it...

>Unformatted:
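
A check for the counter pattern this report highlights (fragments received and timing out while "packets reassembled ok" stays at 0), as an added example that is not part of the PR. The function names, the ip6: values and the healthy sample are constructed here, and the flagging rule is an assumption of the example.

```shell
#!/bin/sh
# Added example (not from the PR). On a live host: netstat -s | ip_reass_check

# Print "<fragments received> <dropped after timeout> <reassembled ok>"
# from the ip: section only; ip6: has identically worded counters.
ip_reass_counters() {
    awk '
        /^[a-z0-9_]+:[ \t]*$/ { in_ip = ($1 == "ip:"); next }  # top-level section header
        !in_ip { next }
        / fragments received[ \t]*$/              { rx = $1 }
        / fragments dropped after timeout[ \t]*$/ { to = $1 }
        / packets reassembled ok[ \t]*$/          { ok = $1 }
        END { printf "%d %d %d\n", rx, to, ok }
    '
}

# Heuristic (assumption of this example): fragments arrive, some age out,
# and not a single datagram was reassembled. Returns 0 when that holds.
ip_reass_check() {
    set -- $(ip_reass_counters)
    if [ "$1" -gt 0 ] && [ "$2" -gt 0 ] && [ "$3" -eq 0 ]; then
        echo "SUSPECT: $1 fragments received, $2 timed out, 0 reassembled"
        return 0
    fi
    echo "ok: $1 fragments received, $2 timed out, $3 reassembled"
    return 1
}

# Constructed input: ip: values copied from the report, ip6: values made up.
sample_report() {
    cat <<'EOF'
ip:
    20673 total packets received
    142 fragments received
    0 fragments dropped (dup or out of space)
    136 fragments dropped after timeout
    0 packets reassembled ok
ip6:
    9 fragments received
    0 fragments dropped after timeout
    3 packets reassembled ok
EOF
}

# Constructed input: a host where reassembly works (all values made up).
sample_healthy() {
    printf 'ip:\n\t142 fragments received\n\t2 fragments dropped after timeout\n\t46 packets reassembled ok\n'
}
```

Some timeout drops are normal on lossy paths; the signal here is a nonzero fragment count with no reassembled datagram at all.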
 	
 	

