Skip to content

fix(gateway): translate ICMPv6's PacketTooBig error #7567

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
thomaseizinger merged 4 commits into from
Dec 22, 2024
Merged

fix(gateway): translate ICMPv6's PacketTooBig error #7567

thomaseizinger merged 4 commits into from
Dec 22, 2024

Conversation

@thomaseizinger
Copy link
Member

@thomaseizinger thomaseizinger commented Dec 20, 2024
edited
Loading

IPv6 treats fragmentation and MTU errors differently than IPv4. Rather than requiring fragmentation on each hop of a routing path, fragmentation needs to happen at the packet source and failure to route a packet triggers an ICMPv6 PacketTooBig error.

These need to be translated back through our NAT64 implementation of the Gateway. Due to the size difference in the headers of IPv4 and IPv6, the available MTU to the IPv4 packet is 20 bytes less than the MTU reported by the ICMP error. IPv6 headers are always 40 bytes, meaning if the MTU is reported as e.g. 1200 on the IPv6 side, we need to only offer 1180 to the IPv4 end of the application. Once the new MTU is then honored, the packets translated by our NAT64 implementation will still conform to the required MTU of 1200, despite the overhead introduced by the translation.

Resolves: #7515.

@vercel
Copy link

vercel bot commented Dec 20, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
firezone ✅ Ready (Inspect) Visit Preview 💬 Add feedback Dec 22, 2024 11:55am

@sentry
Copy link

sentry bot commented Dec 20, 2024

Sentry Issue: GATEWAY-2C

jamilbk
jamilbk approved these changes Dec 20, 2024
View reviewed changes
Copy link
Member

@jamilbk jamilbk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good find!

@thomaseizinger thomaseizinger force-pushed the fix/gateway-translate-packet-too-big branch from 2e979b7 to 9b1513d Compare December 22, 2024 11:54
@thomaseizinger thomaseizinger added this pull request to the merge queue Dec 22, 2024
Merged via the queue into main with commit 956bbbf Dec 22, 2024
106 checks passed
@thomaseizinger thomaseizinger deleted the fix/gateway-translate-packet-too-big branch December 22, 2024 12:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jamilbk jamilbk jamilbk approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Tunnel error: Failed to translate packet: ICMP message is not DestinationUnreachable but Packet...

2 participants

@thomaseizinger @jamilbk