>Number:         34994
>Category:       kern
>Synopsis:       hang during a ping6 on tap
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Nov 05 15:50:00 +0000 2006
>Originator:     arnaud degroote
>Release:        current
>Organization:
>Environment:
NetBSD amilo.at.home 4.99.3 NetBSD 4.99.3 (AMILO) #5: Sun Oct 29 19:07:34 UTC 2006  zul@amilo.at.home:/home/zul/netbsd-dev/build_tmp/objdir/sys/arch/i386/compile/AMILO i386

>Description:
I was playing with fast_ipsec when I have seen the following problem.
On my ipv6 tap iface, when I try to ping it with some big packets, the computer just hangs. However, I have noticed that I can ping it with a size of 1232 ( 1232 + 8 + 40 = 1280 ) and with a size of 1233, it just hangs the machine so the problem may come from the fragment ip6_output path.

Note the problem is not reproductible nor in 3.1 nor in 4.0_Beta. The problem just appears on ipv6.

I have reproduced the bug on two differnts machines, running respectively 4.99.2 and 4.99.3
>How-To-Repeat:
ifconfig tap0 create
ifconfig tap0 inet6 2001:db8:1234::1
ping6 -c 4 -s 1233 2001:db8:1234::1
>Fix:
I don't have any idea for moment