IPv4 vs. IPv6 ping -s inconsistency

sthaug at nethelp.no
Sat Apr 17 12:51:31 UTC 2010


For IPv4 I have to be root to ping with a payload larger than 56 bytes:

sthaug at lab1% ping -s 1472 ftp.funet.fi
ping: packet size too large: 1472 > 56: Operation not permitted

However, for IPv6 the corresponding operation works just fine:

sthaug at lab1% ping6 -s 1452 -m ftp.funet.fi
PING6(1500=40+8+1452 bytes) 2001:8c0:8b00:1::2 --> 2001:708:10:9::20:2
1460 bytes from 2001:708:10:9::20:2, icmp_seq=0 hlim=57 time=15.730 ms
1460 bytes from 2001:708:10:9::20:2, icmp_seq=1 hlim=57 time=15.770 ms

I find this highly inconsistent. My *personal* preference would be to
remove the IPv4 check. Alternatively, the IPv6 ping should be changed
to have the same limitation as the IPv4 ping.

I realize that the IPv4 limitation is there to make it *slightly*
more difficult to use FreeBSD boxes to perform DoS attacks and the
like. Personally I believe this is misguided, since there are plenty
of other ways to send large (interface MTU) packets.

Oh yeah, I also find it inconsistent/undesirable that ping6 needs the
-m option to send packets larger than the minimum IPv6 MTU. But that
is a different discussion...

Comments?

Steinar Haug, Nethelp consulting, sthaug at nethelp.no


More information about the freebsd-net mailing list