[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: linux-ipsec: cornered: MTU and fragmentation bugs

[ NOTICE!  This list will be hosted at lists.tislabs.com as of March 26.
There is no need to resubscribe, if you are on the list, you will remain
on it.  Just begin sending posts, and any administrative requests to
lists.tislabs.com as of now.  List mail to tis.com will cease to be
delivered as of March 26, 1999.  ]

> The place John Denker speaks of is in ip_fragment.  If a packet is
> sent to ip_fragment() (such as at the end of ip_output()) without
> checking DF, then the packet gets dropped silently.

> > No patch ever seen.
> In case you didn't get it:

This doesnt appear to make sense.

> - --- 685,693 ----
>         if (iph->frag_off & htons(IP_DF))
>         {
>                 ip_statistics.IpFragFails++;
>                 NETDEBUG(printk("ip_queue_xmit: frag needed\n"));
> +
> icmp_send(skb,ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED,htons(dev->mtu)
> , dev); /* jsd */
>                 return;

This shouldnt be causing any problems because for all the cases that matter
its handled higher up

	IGMP - never sets DF
	ip_forward - checks DF
	UDP - references it in 2.0 but doesnt use it
	TCP - uses DF and sets the MTU below the point it will fragment
The only case I can see where it might be relevant and a bug is looping back
an oversized multicast frame when running as a multicast router.

Can someone tell me under what circumstances they observed the event
occuring >