Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 14 Jun 2002 14:41:08 -0500 (CDT)
From:      Mike Silbersack <silby@silby.com>
To:        Jonathan Lemon <jlemon@flugsvamp.com>
Cc:        net@freebsd.org
Subject:   Re: Broken PMTUD in FreeBSD?
Message-ID:  <20020614143731.K3117-100000@patrocles.silby.com>
In-Reply-To: <20020614141750.E37376@prism.flugsvamp.com>

next in thread | previous in thread | raw e-mail | index | archive | help

On Fri, 14 Jun 2002, Jonathan Lemon wrote:

> It is a DoS.  Suppose that for some reason, we send out a SYN,ACK of
> 80 octets, which hits a router with the minimum MTU of 68 octets.
> Unlikely, yes, but still legal.  If IP_DF is set, the packet gets dropped,
> and a ICMP PMTU response is sent back, but the syncache will still resend
> the 80 octet datagram.  If IP_DF is clear, the datagram will get through.

In theory, I guess that could happen.  Give me a few days to examine the
PMTU code to see if there's an easy way to handle that case.  If the DF
bit is removed on the resend, would that be acceptable?

/me has this bad feeling that he just roped himself into auditing the PTMU
code.

Mike "Silby" Silbersack


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020614143731.K3117-100000>