Date: Fri, 14 Jun 2002 14:41:08 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Jonathan Lemon <jlemon@flugsvamp.com> Cc: net@freebsd.org Subject: Re: Broken PMTUD in FreeBSD? Message-ID: <20020614143731.K3117-100000@patrocles.silby.com> In-Reply-To: <20020614141750.E37376@prism.flugsvamp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 14 Jun 2002, Jonathan Lemon wrote: > It is a DoS. Suppose that for some reason, we send out a SYN,ACK of > 80 octets, which hits a router with the minimum MTU of 68 octets. > Unlikely, yes, but still legal. If IP_DF is set, the packet gets dropped, > and a ICMP PMTU response is sent back, but the syncache will still resend > the 80 octet datagram. If IP_DF is clear, the datagram will get through. In theory, I guess that could happen. Give me a few days to examine the PMTU code to see if there's an easy way to handle that case. If the DF bit is removed on the resend, would that be acceptable? /me has this bad feeling that he just roped himself into auditing the PTMU code. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020614143731.K3117-100000>