Refuse to try configuring IPv6 if MTU is <1280

dlenski · dlenski · commit c77905fe1661 · 2024-04-12T10:12:37.000-07:00
IPv6 requires a minimum MTU of 1280. If MTU is <1280, it appears that any-and-all IPv6-related configuration, including setting addresses and routes, will immediately fail on Linux, where iproute(8) gives very cryptic errors like: RTNETLINK answers: Invalid argument error This will prevent vpn-slice from completing a working setup even for IPv4. Rather than overlooking this problem or silently ignoring IPv6 configuration issues, we should *fail* when IPv6 configuration is requested but the MTU is too small, and request that the user add `--disable-ipv6` to the OpenConnect command line, which should prevent OpenConnect from requesting or providing any IPv6 configuration to vpn-slice. Ping #148.
diff --git a/vpn_slice/__main__.py b/vpn_slice/__main__.py
@@ -455,6 +455,14 @@ def parse_env(environ=os.environ):
             print("WARNING: IPv6 split network (CISCO_IPV6_SPLIT_%s_%d_{ADDR,MASKLEN}) %s/%d has host bits set, replacing with %s" % (pfx, n, ad, nml, net), file=stderr)
         env['split' + pfx.lower()].append(net)
 
+    # If MTU is <1280, then IPv6 is not possible.
+    # Furthermore, it appears that any-and-all IPv6-related configuration will fail (at
+    # least on Linux, where iproute(8) gives very cryptic errors like
+    # "RTNETLINK answers: Invalid argument error"), preventing vpn-slice from completing
+    # a working setup even for IPv4.
+    if env.mtu < 1280 and (env.myaddr6 or any(r.version == 6 for r in env.splitinc)):
+        raise RuntimeError("MTU of %d is too small for IPv6 (minimum 1280). Invoke OpenConnect with --disable-ipv6 to configure for IPv4 only" % env.mtu, file=stderr)
+
     return env
 
 # Parse command-line arguments and environment
