Bugzilla – Bug 1810
IP packets can be sent on NetDevices not respecting the minimum MTU requirements
Last modified: 2013-12-12 13:37:50 UTC
Note that this bug also affects IPv6. An IP packet might be sent over NetDevices with an MTU as small as 28 bytes, but RFC 791 clearly states: Every internet module must be able to forward a datagram of 68 octets without further fragmentation. This is because an internet header may be up to 60 octets, and the minimum fragment is 8 octets. The proposed patch should fix it. A new Drop reason is introduced: DROP_MTU_TOO_LITTLE. IPv4, IPv6 and FlowMon have been modified accordingly.
Created attachment 1731 [details] patch The proposed patch should fix it. A new Drop reason is introduced: DROP_MTU_TOO_LITTLE. IPv4, IPv6 and FlowMon have been modified accordingly.
I wonder whether this could be instead enforced when an IP interface is added (or MTU modified) rather than a per-packet check of the interface MTU. I seem to recall the behavior in Linux for IPv6 is to disable the interface for IPv6 usage if the MTU is too small, rather than check on a per-packet basis. Also, I might suggest "TOO_SMALL" instead of "TOO_LITTLE" (nit).
Very good idea. The patch was done kinda in a rush. Moreover, we'll not need the new drop reason, as the interface will be down (at least for IP). I'll modify it accordingly.
Created attachment 1732 [details] New patch Much cleaner approach (thanks Tom). The Ipv4Interface (or Ipv6Interface) is simply set as "down" if the associated NetDevice has a too short MTU. Removed the drop reason cause, as packets will be dropped with an "interface down" reason automatically. Of course it is possible to manually force the Ipv4/6Interface to be up, but I guess nobody would do that without knowing what he/she is doing.
Looks good to merge, IMO
Fixed in changeset: 10512:f222d52c616f