As for testing tools, scamper is the only one I've found when I last looked (in 2014?) it doesn't support running on Linux out of the box. http://wand.net.nz/scamper/pmtud For example, you can do:
sudo scamper -F ipfw -I "tbit -M 1280 -t pmtud -S $sourceip -u $url" $targetip Where $url has to be an HTTP URL that returns a large enough object and $targetip is what you want to test. On Linux, $sourceip is a dedicated non-primary address where you have a firewall rule filter: ip6tables -I INPUT -p tcp --sport 80 -d $sourceip -j DROP The right way to do this on Linux would be to add a new backend to scamper but for this to work you have to disable the existing check that BSD ipfw is working. For example: ==== CUT HERE ==== --- scamper-cvs-20140530/scamper/tbit/scamper_tbit_do.c 2013-08-07 17:55:29.000000000 -0400 +++ scamper-cvs-mod/scamper/tbit/scamper_tbit_do.c 2014-10-21 14:07:33.053470510 -0400 @@ -2634,11 +2636,26 @@ sfw.sfw_5tuple_sport = tbit->dport; sfw.sfw_5tuple_dport = tbit->sport; + + + + + +#if 1 /* Hack to run on Linux... */ + run with: + scamper -F ipfw -I "tbit -M 1280 -t pmtud -S $sourceip -u $url" $targetip + after putting in a firewall rule first to drop inputs on a dedicated address: + ip6tables -I INPUT -p tcp --sport 80 -d $sourceip -j DROP + */ + + state->fw = NULL; +#else if((state->fw = scamper_firewall_entry_get(&sfw)) == NULL) { scamper_debug(__func__, "could not get firewall entry"); goto err; } +#endif state->mode = MODE_SYN; } ==== CUT HERE ==== On Fri, Apr 29, 2016 at 2:30 AM, Mikael Abrahamsson <swm...@swm.pp.se> wrote: > > Hi, > > I've run into a scenario where a website doesn't seem to be listening to > PTB. I can reach them just fine from an MTU1500 clean IPv6 connection, but > if I reach from a MTU1500<->MTU1480<->MTU1500 connection, it doesn't work. > I don't get the big packets after SYN handshake. > > I've been considering asking iis.se (the .SE ccTLD registry) who are > already running multiple testing tools for web sites and domain name > owners) to include these kinds of testing, and perhaps develop more of them. > > So I'd like to gather some information and feedback here. > > 1. Are there are already FOSS tools out there that could be used for this, > or would be good to enhance to include capability for this kind of testing. > I don't want to waste work, and if I can enhance FOSS tools already > existing and also solve my problem, that's a double win. > > 2. Test cases? From my testing, I've seen two different behavior just in > the last two days: > > Site A as described in top paragraph, probably doesn't listen to PTB. Can > be either because they drop PTBs, or traffic traverses a load > balancer/IPv4v6proxy that doesn't correctly handle PTB. > > Site B which sends all data packets as fragments. This is most likely > because they have some kind of AFTR where the IPv4 side has MTU1500 and the > IPv6 side has MTU1320 or something like that. > > Neither of this is of course optimal, and I'd like to be able to test for > these and tell the site owner that their solution either is broken or > suboptimal (the fragment case isn't strictly broken, it's just not a good > way to do things). > > Opinions? Thoughts? > > -- > Mikael Abrahamsson email: swm...@swm.pp.se >