IPv6 Reassemble Error for Fragmented Packets
Issue
- IPv6 Reassemble Error for Fragmented SNMP Packets
- Any IPv6 fragmented payload where the More Fragments (MF) flag is set to 1 (i.e. not the last fragment) and the IPv6 Header Payload Length is less than 1240 bytes (short fragment) regardless of the upper layer protocol will trigger an ICMPv6 type 4 (Parameter Problem) response.
- IPv6 Conformance Test v6LC.1.3.1/v6LC.1.3.2 fails on RHEL 8.0 and earlier
- When receiving some fragmented IPv6 traffic, RHEL replies in tcpdump with:
ICMP6, parameter problem, erroneous - octet 40, length 1240
- RHEL returns ICMPv6 packet with:
- Type: Parameter Problem (4)
- Code: 0 (erroneous header field)
- Pointer: 40 (start of Fragment Header)
Environment
- Red Hat Enterprise Linux 8.0
- Red Hat Enterprise Linux 7 (various versions)
- Red Hat Enterprise Linux 6 (various versions)
- All various versions affected are kernels repaired under CVE-2018-5391
- IPv6 fragmented payload where IPv6 Header Payload Length is less than 1240 bytes (eg: 1232, 1224, 1216, and so on)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.