IPv6 Reassemble Error for Fragmented Packets

Solution Verified - Updated -

Issue

  • IPv6 Reassemble Error for Fragmented SNMP Packets
  • Any IPv6 fragmented payload where the More Fragments (MF) flag is set to 1 (i.e. not the last fragment) and the IPv6 Header Payload Length is less than 1240 bytes (short fragment) regardless of the upper layer protocol will trigger an ICMPv6 type 4 (Parameter Problem) response.
  • IPv6 Conformance Test v6LC.1.3.1/v6LC.1.3.2 fails on RHEL 8.0 and earlier
  • When receiving some fragmented IPv6 traffic, RHEL replies in tcpdump with:
ICMP6, parameter problem, erroneous - octet 40, length 1240
  • RHEL returns ICMPv6 packet with:
    • Type: Parameter Problem (4)
    • Code: 0 (erroneous header field)
    • Pointer: 40 (start of Fragment Header)

Environment

  • Red Hat Enterprise Linux 8.0
  • Red Hat Enterprise Linux 7 (various versions)
  • Red Hat Enterprise Linux 6 (various versions)
  • All various versions affected are kernels repaired under CVE-2018-5391
  • IPv6 fragmented payload where IPv6 Header Payload Length is less than 1240 bytes (eg: 1232, 1224, 1216, and so on)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In