Date: Fri, 14 Jun 2002 14:41:08 -0500 (CDT)
From: Mike Silbersack
To: Jonathan Lemon
Cc: net@freebsd.org
Subject: Re: Broken PMTUD in FreeBSD?
In-Reply-To: <20020614141750.E37376@prism.flugsvamp.com>
Message-ID: <20020614143731.K3117-100000@patrocles.silby.com>

On Fri, 14 Jun 2002, Jonathan Lemon wrote:

> It is a DoS. Suppose that for some reason, we send out a SYN,ACK of
> 80 octets, which hits a router with the minimum MTU of 68 octets.
> Unlikely, yes, but still legal. If IP_DF is set, the packet gets dropped,
> and an ICMP PMTU response is sent back, but the syncache will still resend
> the 80 octet datagram. If IP_DF is clear, the datagram will get through.

In theory, I guess that could happen. Give me a few days to examine the PMTU code to see if there's an easy way to handle that case. If the DF bit is removed on the resend, would that be acceptable?

/me has this bad feeling that he just roped himself into auditing the PMTU code.

Mike "Silby" Silbersack
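
The case discussed in this message, as an added example that is not part of the original e-mail and is not FreeBSD code: a small C model of one hop with a 68-octet MTU, comparing a resend that keeps DF set with one that clears DF after the ICMP "fragmentation needed" reply. The names `forward`, `synack_attempts` and the policy enum are hypothetical, and a 20-octet IPv4 header without options is assumed.

```c
#define IP_HDR 20  /* assumed: IPv4 header without options */

struct hop_result {
    int delivered;  /* 1 if the datagram (whole or fragmented) got through */
    int fragments;  /* number of IP packets forwarded by the hop */
    int icmp_mtu;   /* MTU reported in ICMP "fragmentation needed", else 0 */
};

/* One router hop: forward, fragment, or drop and report the MTU. */
static struct hop_result forward(int len, int df, int mtu)
{
    struct hop_result r = {0, 0, 0};
    if (len <= mtu) { r.delivered = 1; r.fragments = 1; return r; }
    if (df) { r.icmp_mtu = mtu; return r; }   /* dropped: DF forbids fragmenting */
    /* Fragment payloads (except the last) must be multiples of 8 octets. */
    int per_frag = ((mtu - IP_HDR) / 8) * 8;
    int payload = len - IP_HDR;
    r.fragments = (payload + per_frag - 1) / per_frag;
    r.delivered = 1;
    return r;
}

enum resend_policy { KEEP_DF, CLEAR_DF_ON_ICMP };

/*
 * Resend a fixed-size SYN,ACK up to max_tries times (hypothetical limit).
 * Returns the attempt number that got through, or 0 if none did.
 * The segment size is never reduced, matching the behaviour described
 * in the quoted text; only the DF bit may change between attempts.
 */
int synack_attempts(int len, int mtu, int max_tries,
                    enum resend_policy policy, int *frags_out)
{
    int df = 1;  /* PMTU discovery sets DF on the first transmission */
    for (int attempt = 1; attempt <= max_tries; attempt++) {
        struct hop_result r = forward(len, df, mtu);
        if (r.delivered) {
            if (frags_out) *frags_out = r.fragments;
            return attempt;
        }
        if (r.icmp_mtu && policy == CLEAR_DF_ON_ICMP)
            df = 0;  /* the change proposed in the reply: resend without DF */
    }
    return 0;  /* every resend was dropped: the handshake never completes */
}
```

With the 80-octet datagram and 68-octet MTU from the quoted text, the resend without DF is forwarded as two fragments (48 and 12 octets of payload).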