Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Fixed In:
14.1.0
Opened: Jan 20, 2018 Severity: 3-Major
When using tcpdump to display packets, and when the the icmp6 filter is used as an option to the tcpdump program, as below for example: tcpdump -nni 0.0 icmp6 -s0 tcpdump fails to display icmpv6 packets if they are fragmented. Non fragmented packets are displayed correctly. Using a different filter like: tcpdump -nni 0.0 host <ipv6> -s0 displays the fragmented icmpv6 packets correctly.
Fragmented icmpv6 packets cannot be captured or displayed in tcpdump using the icmp6 filter
1) icmpv6 packets need to be fragments ( likely because they exceeded MTU somewhere). 2) tcpdump has to be run with icmp6 specified as the filter
Don't use the icmp6 filter of tcpdump when you know that the packets could be fragmented. Use a host filter, or no filter ( if traffic is not too large)
None