FH_InvalidLength - check Fragment Reassembly (Invalid Length)
Host and Router
FH_InvalidLength.seq [-tooloption ...] -pkt FH_InvalidLength.def
-tooloption : v6eval tool option
1. Ping to Target (create Neighbor Cache Entries, if not exist) 2. Override Neighbor Cache Entries
Tester Target
| |
|-------------------------->|
| Echo Request (1st) |
| |
| |
|-------------------------->|
| Echo Request (2nd) |
| |
| |
|<--------------------------|
| ICMP Error |
| |
| |
v v
1. Send Echo Request (1st fragment) 2. Send Echo Request (2nd fragment) 3. Receive ICMP Error
Echo Request (1st fragment) is:
IPv6 Header
Version = 6
Traffic Class = 0
FlowLabel = 0
PayloadLength = 527 (not multiple of 8 octets)
NextHeader = 56 (Fragment Header)
SourceAddress = Tester Link Local Address
DestinationAddress = Target Link Local Address
Fragment Header
NextHeader = 58 (ICMP)
FragmentOffset = 0 (1st fragment)
MFlag = 1 (more fragment)
PASS: ICMP Error Received
IPv6 Header
Version = 6
Traffic Class = 0
FlowLabel = 0
PayloadLength = 575
NextHeader = 58 (ICMP)
SourceAddress = Target Link Local Address
Destination Address = Tester Link Local Address
ICMP Error
Type = 4 (Parameter Problem)
Code = 0 (erroneous header field encountered)
Checksum = (auto)
Pointer = 4 (Pointer to Payload Length in IPv6 Header)
PayloadData = (1st Fragment of Echo Request)
RFC2460
4.5 Fragment Header
:
The following error conditions may arise when reassembling fragmented packets:
If insufficient fragments are received to complete reassembly of a
packet within 60 seconds of the reception of the first-arriving
fragment of that packet, reassembly of that packet must be
abandoned and all the fragments that have been received for that
packet must be discarded. If the first fragment (i.e., the one
with a Fragment Offset of zero) has been received, an ICMP Time
Exceeded -- Fragment Reassembly Time Exceeded message should be
sent to the source of that fragment.
If the length of a fragment, as derived from the fragment packet's
Payload Length field, is not a multiple of 8 octets and the M flag
of that fragment is 1, then that fragment must be discarded and an
ICMP Parameter Problem, Code 0, message should be sent to the
source of the fragment, pointing to the Payload Length field of
the fragment packet.
perldoc V6evalTool