[Openswan dev] IPv6 fragmentation for KLIPS vs NETKEY

Paul Wouters paul at xelerance.com
Tue Apr 26 20:50:56 EDT 2011

On Mon, 25 Apr 2011, Paul Wouters wrote:

> Subject: [Openswan dev] IPv6 fragmentation for KLIPS vs NETKEY

I fixed the fragmentation code, it will be in openswan 2.6.34.

One thing I wanted to bring up to be sure we're not making a mistake is
the following.

We originally did our tests with ping6 packet sizes, but the code was
explicitly not sending any ICMP6 messages if the packet that was too
big was itself an ICMP6 message. I removed this check, as I don't think
this is needed. The only "storm" this could produce is if we would receive
an ICMPV6_PKT_TOOBIG message that in itself is too big. I don't think that
can realisticly happen, as that packet only contains a few bytes of headers
and the max mtu that can go through the link as data.

With the current code, you can test fragmentation using ping6 -s 1400 destip


More information about the Dev mailing list