Message-Id: <200804011535.m31FZ0gQ065329@www.freebsd.org>
Date: Tue, 1 Apr 2008 15:35:00 GMT
From: Mark Cammidge <mark@peralex.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ICMP unreach, frag needed but df set + route mtu broken - breaks PMTU
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         122338
>Category:       kern
>Synopsis:       ICMP unreach, frag needed but df set + route mtu broken - breaks PMTU
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bz
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 01 15:40:01 UTC 2008
>Closed-Date:    Tue Apr 22 12:16:03 UTC 2008
>Last-Modified:  Sat Jul 12 12:50:07 UTC 2008
>Originator:     Mark Cammidge
>Release:        7.0-STABLE (cvsupped 2008-03-24)
>Organization:
none
>Environment:
FreeBSD www.peralex.com 7.0-STABLE FreeBSD 7.0-STABLE #3: Tue Apr  1 09:09:58 SAST 2008 
>Description:
When IP forwarding is enabled on a FreeBSD machine, the mtu on the route that is used for the next hop is ignored when "icmp unreachable, frag needed but df set" packets are returned when a packet is dropped as a result of a packet being too large (the route mtu is used correctly to decide which packets to drop).

The icmp packets are returned, but the next hop value does not take into account the mtu on the route, only the mtu on the interface to which the packet would have been routed.

This breaks path mtu discovery when the route MTU is smaller than the interface MTU for the next hop.

This was working correctly in 6-STABLE.

>How-To-Repeat:
Set up a system (call it SystemA) to do ip forwarding.
Set up a route to use a low MTU (say 1300), but leave the MTU on the interfaces that will carry those connections at 1500.
From a separate machine (call it SystemB), establish a TCP connection via SystemA to another system (SystemC say) that will be routed according to the route with the MTU set to 1300.
When large packets are sent from SystemB to SystemC, SystemA sends 'icmp unreachable, frag needed but df set' replies to SystemB and drops the large packets.  These icmp packets specify the next hop MTU as 1500, rather than 1300 as should be the case.  The next hop should be the minimum of the interface and path MTUs.

>Fix:
Bjoern A. Zeeb reported this problem on the freebsd-net mailing list:

http://lists.freebsd.org/pipermail/freebsd-net/2007-December/016357.html

and provided a patch:

http://sources.zabbadoz.net/freebsd/patchset/patch-20071228-02-ip-forward-unreach-needfrag-ro.diff

Bjoern has requested that this issue be assigned to him.

>Release-Note:
>Audit-Trail:

From: Mark Cammidge <mark@peralex.com>
To: bug-followup@FreeBSD.org, mark@peralex.com
Cc:  
Subject: Re: kern/122338: ICMP unreach, frag needed but df set + route mtu
 broken - breaks PMTU
Date: Tue, 01 Apr 2008 18:18:43 +0200

 I have applied the patch mentioned, and it fixes the problem.
 
Responsible-Changed-From-To: freebsd-bugs->bz 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Apr 2 00:11:38 UTC 2008 
Responsible-Changed-Why:  
Over to bz at his request. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=122338 

From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: bug-followup@FreeBSD.org, mark@peralex.com
Cc:  
Subject: Re: kern/122338: ICMP unreach, frag needed but df set + route mtu
 broken - breaks PMTU
Date: Sat, 5 Apr 2008 18:28:45 +0000 (UTC)

 On Wed, 2 Apr 2008, linimon@FreeBSD.org wrote:
 
 Hi,
 
 I have a slightly updated patch that should also take care if someone
 can install a route with an mtu setting > interface mtu.
 
 You can find it here:
 
 http://sources.zabbadoz.net/freebsd/patchset/patch-20080405-01-ip-forward-unreach-needfrag-ro.diff
 
 If you could test it as well I'd go ahead in a few days and commit it.
 
 
 /bz
 
 -- 
 Bjoern A. Zeeb                                 bzeeb at Zabbadoz dot NeT
 Software is harder than hardware  so better get it right the first time.
State-Changed-From-To: open->feedback 
State-Changed-By: bz 
State-Changed-When: Sun Apr 6 19:07:35 UTC 2008 
State-Changed-Why:  
A slightly updated patch was presented. Let's wait for feedback 
if that works as well. 

From: Mark Cammidge <mark@peralex.com>
To: bug-followup@FreeBSD.org, mark@peralex.com,
        "Bjoern A. Zeeb" <bz@FreeBSD.org>
Cc:  
Subject: Re: kern/122338: ICMP unreach, frag needed but df set + route mtu
 broken - breaks PMTU
Date: Tue, 08 Apr 2008 16:05:44 +0200

 I've tested the updated patch on 7-STABLE (cvsupped 7 April 2008) and it 
 appears to work correctly with either a smaller route mtu than interface 
 mtu, or with a smaller interface mtu than route mtu.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/122338: commit references a PR
Date: Wed,  9 Apr 2008 05:17:31 +0000 (UTC)

 bz          2008-04-09 05:17:18 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/netinet          ip_input.c ip_ipsec.c ip_ipsec.h 
   Log:
   Take the route mtu into account, if available, when sending an
   ICMP unreach, frag needed.  Up to now we only looked at the
   interface MTU. Make sure to only use the minimum of the two.
   
   In case IPSEC is compiled in, loop the mtu through ip_ipsec_mtu()
   to avoid any further conditional maths.
   
   Without this, PMTU was broken in those cases when there was a
   route with a lower MTU than the MTU of the outgoing interface.
   
   PR:             kern/122338
   Tested by:      Mark Cammidge  mark peralex.com
   Reviewed by:    silence on net@
   MFC after:      2 weeks
   
   Revision  Changes    Path
   1.335     +26 -4     src/sys/netinet/ip_input.c
   1.10      +1 -2      src/sys/netinet/ip_ipsec.c
   1.3       +1 -1      src/sys/netinet/ip_ipsec.h
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
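
The rule stated in the report and in the commit log above (advertise the minimum of the route MTU and the interface MTU), as an added example that is not the FreeBSD kernel code or the referenced patch. The function names, the `honor_route` switch and the sample values are assumptions made for illustration; `honor_route = 0` models the behaviour described in the report.

```c
#include <stdint.h>
#include <stdio.h>

/* MTU the forwarder enforces when deciding to drop: the route MTU if one is
 * set (0 = no MTU stored on the route), never more than the interface MTU. */
static uint32_t
path_mtu(uint32_t if_mtu, uint32_t route_mtu)
{
	return (route_mtu != 0 && route_mtu < if_mtu) ? route_mtu : if_mtu;
}

/* Next-hop MTU placed in the ICMP error (a 16-bit field, RFC 1191).
 * honor_route = 0 models the reported behaviour: interface MTU only. */
static uint16_t
advertised_mtu(uint32_t if_mtu, uint32_t route_mtu, int honor_route)
{
	uint32_t mtu = honor_route ? path_mtu(if_mtu, route_mtu) : if_mtu;
	return (uint16_t)(mtu > 0xffff ? 0xffff : mtu);
}

/* Sender side of PMTU discovery: send DF packets and shrink to the advertised
 * MTU on each ICMP error. Returns the size that was forwarded, or 0 when the
 * error never lets the sender make progress (PMTU black hole). */
static uint32_t
pmtud_result(uint32_t start_len, uint32_t if_mtu, uint32_t route_mtu,
    int honor_route)
{
	uint32_t len = start_len;
	for (int round = 0; round < 8; round++) {
		if (len <= path_mtu(if_mtu, route_mtu))
			return len;	/* fits: forwarded */
		uint16_t adv = advertised_mtu(if_mtu, route_mtu, honor_route);
		if (adv >= len)
			return 0;	/* error tells the sender nothing new */
		len = adv;
	}
	return 0;
}

int
main(void)
{
	/* Constructed values from the How-To-Repeat: interface 1500, route 1300. */
	printf("interface MTU only: %u\n", pmtud_result(1500, 1500, 1300, 0));
	printf("min(route, interface): %u\n", pmtud_result(1500, 1500, 1300, 1));
	return 0;
}
```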
 
State-Changed-From-To: feedback->patched 
State-Changed-By: bz 
State-Changed-When: Wed Apr 9 05:24:39 UTC 2008 
State-Changed-Why:  
Patch committed to HEAD, will be MFCed in 2 weeks. 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/122338: commit references a PR
Date: Tue, 22 Apr 2008 12:03:07 +0000 (UTC)

 bz          2008-04-22 12:02:55 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_7)
     sys/netinet          ip_input.c ip_ipsec.c ip_ipsec.h 
   Log:
   MFC: rev. 1.335 ip_input.c, rev. 1.10 ip_ipsec.c, rev. 1.3 ip_ipsec.h
   
     Take the route mtu into account, if available, when sending an
     ICMP unreach, frag needed.  Up to now we only looked at the
     interface MTU. Make sure to only use the minimum of the two.
   
     In case IPSEC is compiled in, loop the mtu through ip_ipsec_mtu()
     to avoid any further conditional maths.
   
     Without this, PMTU was broken in those cases when there was a
     route with a lower MTU than the MTU of the outgoing interface.
   
   PR:             kern/122338
   Tested by:      Mark Cammidge  mark peralex.com
   
   Revision   Changes    Path
   1.332.2.2  +26 -4     src/sys/netinet/ip_input.c
   1.8.2.2    +1 -2      src/sys/netinet/ip_ipsec.c
   1.2.2.1    +1 -1      src/sys/netinet/ip_ipsec.h
 
State-Changed-From-To: patched->closed 
State-Changed-By: bz 
State-Changed-When: Tue Apr 22 12:15:20 UTC 2008 
State-Changed-Why:  
Patch was MFCed to RELENG_7. 
Thanks for all the testing. 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/122338: commit references a PR
Date: Thu,  3 Jul 2008 12:45:08 +0000 (UTC)

 bz          2008-07-03 12:44:36 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/netinet          ip_input.c 
   Log:
   SVN rev 180215 on 2008-07-03 12:44:36Z by bz
   
   Remove a bogusly introduced rtalloc_ign() in rev. 1.335/SVN 178029,
   generating an RTM_MISS for every IP packet forwarded making user space
   routing daemons unhappy.
   
   PR:             kern/123621, kern/124540, kern/122338
   Reported by:    Paul <paul gtcomm.net>, Mike Tancsa <mike sentex.net> on net@
   Tested by:      Paul and Mike
   Reviewed by:    andre
   MFC after:      3 days
   
   Revision  Changes    Path
   1.337     +0 -1      src/sys/netinet/ip_input.c
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/122338: commit references a PR
Date: Sat, 12 Jul 2008 12:41:48 +0000 (UTC)

 bz          2008-07-12 12:41:21 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_7)
     sys/netinet          ip_input.c 
   Log:
   SVN rev 180482 on 2008-07-12 12:41:21Z by bz
   
   MFC: rev. 1.337, svn 180215
   
     Remove a bogusly introduced rtalloc_ign() in rev. 1.335/SVN 178029,
     generating an RTM_MISS for every IP packet forwarded making user space
     routing daemons unhappy.
   
   PR:             kern/123621, kern/124540, kern/122338
   
   Revision   Changes    Path
   1.332.2.3  +0 -1      src/sys/netinet/ip_input.c
 
>Unformatted:
