lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 04 Jun 2007 12:32:49 +0800
From:	Wei Yongjun <>
To:	Herbert Xu <>
Subject: Re: [PATCH] Fix bug of update IPv4 PMTU when received ICMP Fragmentation
 Needed message

> On Mon, Jun 04, 2007 at 12:03:57PM +0800, Wei Yongjun wrote:
>> So I want to know how the route announce a MTU larger then 576, such as 
>> 1280? RFC says ICMP error message return as much as we can without 
>> exceeding 576 bytes.
> I think there is a misunderstanding here.  The RFC is talking about
> how much of the payload may be included in the ICMP packet.  It is
> not talking about the length field in the original IP header.  That
> must be left untouched.
As you said, the RFC is talking about the payload of ICMP packet, it's 
not greater then 576, if router announce a MTU larger then 1280, the 
original IP header must be a size of 704? The format of ICMP message is 
like this:
  IPv4 header
  ICMP header
>> And ipv4 router alaways return as a packet size 576 because of this.
>> If MTU is greater then 576, HOST will used "mtu = guess_mtu(old_mtu)" to 
>> get a MTU. Method of send ICMP Fragmentation Needed message is 
>> difference from receive,
> Which router is doing that?
The latest kernel also doing so. The rule to send ICMP message 
limit this.
Ref to net/ipv4/icmp.c
line 433 void icmp_send(struct sk_buff *skb_in, int type, int code, 
__be32 info)
line 434 {
line 572    /* RFC says return as much as we can without exceeding 576 
bytes. */
line 573
line 574    room = dst_mtu(&rt->u.dst);
line 575    if (room > 576)
line 576        room = 576;
line 577    room -= sizeof(struct iphdr) + icmp_param.replyopts.optlen;
line 578    room -= sizeof(struct icmphdr);
line 579
line 560    icmp_param.data_len = skb_in->len - icmp_param.offset;
line 561    if (icmp_param.data_len > room)
line 562        icmp_param.data_len = room;
line 563    icmp_param.head_len = sizeof(struct icmphdr);

line 576 do this.


A new email address of FJWAN is launched from Apr.1 2007.
The updated address is: 
Wei Yongjun
Development Dept.I
Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST)
8/F., Civil Defense Building, No.189 Guangzhou Road,
Nanjing, 210029, China
TEL: +86+25-86630523-858
COINS: 79955-858
FAX: +86+25-83317685

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists