Date: Sat, 17 Apr 2010 14:51:28 +0200 (CEST) From: sthaug@nethelp.no To: freebsd-net@freebsd.org Subject: IPv4 vs. IPv6 ping -s inconsistency Message-ID: <20100417.145128.74659691.sthaug@nethelp.no>
next in thread | raw e-mail | index | archive | help
For IPv4 I have to be root to ping with a payload larger than 56 bytes: sthaug@lab1% ping -s 1472 ftp.funet.fi ping: packet size too large: 1472 > 56: Operation not permitted However, for IPv6 the corresponding operation works just fine: sthaug@lab1% ping6 -s 1452 -m ftp.funet.fi PING6(1500=40+8+1452 bytes) 2001:8c0:8b00:1::2 --> 2001:708:10:9::20:2 1460 bytes from 2001:708:10:9::20:2, icmp_seq=0 hlim=57 time=15.730 ms 1460 bytes from 2001:708:10:9::20:2, icmp_seq=1 hlim=57 time=15.770 ms I find this highly inconsistent. My *personal* preference would be to remove the IPv4 check. Alternatively, the IPv6 ping should be changed to have the same limitation as the IPv4 ping. I realize that the IPv4 limitation is there to make it *slightly* more difficult to use FreeBSD boxes to perform DoS attacks and the like. Personally I believe this is misguided, since there are plenty of other ways to send large (interface MTU) packets. Oh yeah, I also find it inconsistent/undesriable that ping6 needs the -m option to send packets larger than the minimum IPv6 MTU. But that is a different discussion... Comments? Steinar Haug, Nethelp consulting, sthaug@nethelp.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100417.145128.74659691.sthaug>