Hello, I ran into something weird with the Webserver with Suse 12.3 and IPv6. FYI the IPv4 part works just fine. I have Dual stacked the server. With IPv6 the server receives a ICMP packet too big message, from a router out on the internet. But ignores it continuing to send out the same packet. Which then the ICMP message again is sent. Not sure what I could be missing here. The firewall is disabled on the server and the Capture was taken at the server as well. I have tested the same thing with Gentoo and CentOS, but of course they are running a different Kernel version, They work without any issue.
Any help of what I might be missing here would be appreciated.
Let me know what other information I can provide.
I have recently done some more testing here. I have tested this using the Vanilla kernel 3.11.10-21-vanilla, and I have tried both with apache 2 and Nginx. all of them have the same problem. Not sure what else could really be causing this. Anyone have any idea. I did submit a but with the Novell interface, but when I search for the report it does not show up. It did say they received it. I have confirmed this is an issue on Suse 11.x 12.x and 13.x Currently I am testing with the latest 13.1
Only thing I can think of is compile a kernel myself see if there is something that can be changed to make it work.
I am running this in a VM under KVM. I was using the most recent default kernel. I just went to the Vanilla one to make sure there was not a Suse Kernel patch that was causing an issue. Because I do not have this problem with (Ubuntu/CentOS/Gentoo/Windows) Suse is the only one I ran into the problem with.
I can try a newer kernel, but as this has been a problem from Suse 11 -> 13 I would not believe it has anything to do with the kernel. Especially as I am also only have this problem with Suse. Which I could not imagine what could cause it. My only though is that SElinux or something like that is not letting it process the ICMP message? But I am pretty sure the older Systems I was testing on it was disabled. I will check again.
I have tried as you suggested. But I am getting the same results. I have confirmed that selinux and Appamor are both not active or installed on the server.
uname -a
Linux linux-vpn9 3.16.2-1.gdcee397-vanilla #1 SMP Sun Sep 7 04:40:17 UTC 2014 (dcee397) x86_64 x86_64 x86_64 GNU/Linux
I installed this system selecting the minimal install. FYI.
Let me know if anyone can think of something else to try. Really strange that it only affects SUSE. Would Figure IPv6 ICMP would be more of an IP stack thing then anything out side of the kernel having to know about fragmentation. But does not seem to be the case I guess.
Can you post the exact log entry errors?
Perhaps an excerpt including the previous maybe 20 lines or so prior and a few after the errors?
Also,
Am curious the reason for getting ICMP errors, are you testing your machine (ping) or are these being generated by someone else?
And,
Have you tried actually accessing your website using IPv6 (ie do a get) instead of pinging the server?
(If you have, might be useful to post the logs associated with that traffic as well)
Ordinarily, I shouldn’t think that Apache should respond to <any> ICMP requests, anyway.
Sorry the Title could have been more clear. This is more of a problem with Suse and IPv6 ICMP messages. not really anything to do with Apache. In the capture file what you see happening is my Client makes a connection (successfully) to the web server and requests the page. At some point in the reponse stream The Web server send back a packet of a larger size. There is a Router between my Client computer and the web server that has an MTU of 1280. When that router receives the packet that is over the size of the MTU on the next Interface it will reply back to the sender notifying them that the packet is too large. The problem is SUSE’s distro seems to ignore this ICMP message and continues to try send out the large packet. Which of course I never receive and the router continues to notify the server about the problem. So yea it is also my understanding that Apache or any we server should have nothing to do with this. This is part of TCP over IPv6. Which it is very strange that a “vanilla” kernel (although downloaded from a Suse site) also still has this issue. I am unaware of any settings in /proc or /Sys that could change this behavoir. It is also not following the IPv6 standard as Fragmentation is not an option. FYI it does work fine as long as it does not have a router in the middle with a smaller MTU. So LAN to LAN works fine. And like I said before other Flavors of linux do not have this issue. Thanks for the reply.