Date: Fri, 14 Jun 2002 16:26:12 -0400
From: Barney Wolff
To: Mike Silbersack
Cc: Jonathan Lemon, net@FreeBSD.ORG
Subject: Re: Broken PMTUD in FreeBSD?

There may be an issue with T/TCP, but otherwise I see no reason to set
DF on syn-ack, even when PMTUD is on.  There is simply no point to
avoiding fragmentation of a single packet per connection, and it's
highly unlikely anyway in today's Internet.  The current behavior is
perfectly acceptable to any reasonable person.

On Fri, Jun 14, 2002 at 02:41:08PM -0500, Mike Silbersack wrote:
>
> On Fri, 14 Jun 2002, Jonathan Lemon wrote:
>
> > It is a DoS.  Suppose that for some reason, we send out a SYN,ACK of
> > 80 octets, which hits a router with the minimum MTU of 68 octets.
> > Unlikely, yes, but still legal.  If IP_DF is set, the packet gets dropped,
> > and an ICMP PMTU response is sent back, but the syncache will still resend
> > the 80 octet datagram.  If IP_DF is clear, the datagram will get through.
>
> In theory, I guess that could happen.  Give me a few days to examine the
> PMTU code to see if there's an easy way to handle that case.  If the DF
> bit is removed on the resend, would that be acceptable?
>
> /me has this bad feeling that he just roped himself into auditing the PMTU
> code.
>
> Mike "Silby" Silbersack

-- 
Barney Wolff
I never met a computer I didn't like.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
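
Added example (not part of the original thread, and not FreeBSD code): a small C model of the case discussed above, an 80-octet SYN,ACK meeting a 68-octet MTU, under three DF policies. The function names, the policy enum, the 20-octet header and the retry count of 4 are assumptions made for illustration, and the model assumes the ICMP reply reaches the sender before the resend.

```c
#include <stdio.h>

#define IP_HLEN 20  /* IPv4 header without options (assumed) */

/* Hypothetical DF policies for the SYN,ACK sender discussed in the thread. */
enum df_policy { DF_ALWAYS, DF_NEVER, DF_CLEAR_ON_RESEND };

/* Router forwarding decision for one datagram onto a link with the given
 * MTU (assumed >= 68). Returns the number of datagrams forwarded (1 = fits,
 * >1 = fragmented), or 0 when DF forces a drop plus an ICMP need-frag reply. */
static int forward(int total_len, int df, int mtu)
{
    if (total_len <= mtu)
        return 1;
    if (df)
        return 0;
    /* Every fragment but the last carries a multiple of 8 payload octets. */
    int per_frag = (mtu - IP_HLEN) & ~7;
    int payload = total_len - IP_HLEN;
    return (payload + per_frag - 1) / per_frag;
}

/* Simulate the sender's transmit/retransmit loop. Returns the 1-based
 * attempt on which the SYN,ACK crossed the link, or 0 if every attempt
 * was dropped (the connection can never complete). */
static int synack_delivered_on(enum df_policy p, int len, int mtu, int max_tries)
{
    int got_icmp = 0;
    for (int attempt = 1; attempt <= max_tries; attempt++) {
        int df = (p == DF_ALWAYS) || (p == DF_CLEAR_ON_RESEND && !got_icmp);
        if (forward(len, df, mtu) > 0)
            return attempt;
        got_icmp = 1;  /* ICMP need-frag came back for this attempt */
    }
    return 0;
}

int main(void)
{
    const char *name[] = { "DF always", "DF never", "DF cleared on resend" };
    for (int p = DF_ALWAYS; p <= DF_CLEAR_ON_RESEND; p++)
        printf("%-22s -> delivered on attempt %d\n", name[p],
               synack_delivered_on((enum df_policy)p, 80, 68, 4));
    printf("fragments without DF: %d\n", forward(80, 0, 68));
    return 0;
}
```

A result of 0 means every retransmission was dropped at the small-MTU hop, which is the failure described in the quoted message.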