lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110920133837.GA16323@hmsreliant.think-freely.org>
Date:	Tue, 20 Sep 2011 09:38:37 -0400
From:	Neil Horman <nhorman@...driver.com>
To:	Benjamin Poirier <benjamin.poirier@...il.com>
Cc:	Michael Kerrisk <mtk.manpages@...il.com>,
	linux-man@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: discrepancy in ip(7) wrt. IP DF flag for UDP sockets

On Tue, Sep 20, 2011 at 09:29:54AM -0400, Benjamin Poirier wrote:
> On 11-09-20 08:14, Michael Kerrisk wrote:
> > Hello Benjamin, Neil,
> > 
> > On Mon, Sep 19, 2011 at 3:03 PM, Neil Horman <nhorman@...driver.com> wrote:
> > > On Mon, Sep 19, 2011 at 08:19:40AM -0400, Benjamin Poirier wrote:
> > >> Hi,
> > >>
> > >> I noticed what appears to be a discrepancy between the ip(7) man page
> > >> and the kernel code with regards to the IP DF flag for UDP sockets.
> > >>
> > >> The man page says that "The don't-fragment flag is set on all outgoing
> > >> datagrams" and that the ip_no_pmtu_disc sysctl affects only SOCK_STREAM
> > >> sockets. This is quickly disproved by doing:
> > >> echo 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc
> > >> firing up netcat and looking at a few outgoing udp packets in wireshark
> > >> (they don't have the DF flag set).
> > 
> > Could you describe the required change in terms of how the man page
> > text should look--i.e., rewrite the passage as you think it should
> > look?
> 
> How about changing it to:
> 	IP_MTU_DISCOVER (since Linux 2.2)
> 	Set or receive the Path MTU Discovery setting for a socket. When
> 	enabled, the don't-fragment flag is set on all outgoing packets.
> 	Linux will perform Path MTU Discovery as defined in RFC 1191 on
> 	SOCK_STREAM sockets. For non-SOCK_STREAM sockets, it is the
> 	user's responsibility to packetize the data in MTU sized chunks
> 	and to do the retransmits if necessary. The kernel will reject
> 	(with EMSGSIZE) datagrams that are bigger than the known path
> 	MTU. The system-wide default is controlled by the
> 	/proc/sys/net/ipv4/ip_no_pmtu_disc file. 
> 
> 	Path MTU discovery flags   Meaning
> 	[...]
> 
> There are some differences between _DO and _WANT that are glossed over
> in this description, but I suppose there's only so much detail you can
> put in...
> 
> Thanks,
> -Ben
> 
Yeah, I think thats close, but its only the users responsibility to package
datagrams in mtu sized chunks if they force the dont fragment bit on.  If they
go wtih the default, the stack will fragment a datagram is it sees fit according
to the mtu of the path it traverses
Neil

> > 
> > Thanks,
> > 
> > Michael
> > 
> > 
> > >> 1) in the words of `man 7 ip`:
> > >> IP_MTU_DISCOVER (since Linux 2.2)
> > >>       Set or receive the Path MTU Discovery  setting  for  a  socket.
> > >>       When  enabled, Linux will perform Path MTU Discovery as defined
> > >>       in RFC 1191 on this socket.  The don't-fragment flag is set  on
> > >>       all  outgoing datagrams.  The system-wide default is controlled
> > >>       by the /proc/sys/net/ipv4/ip_no_pmtu_disc file for  SOCK_STREAM
> > >>       sockets, and disabled on all others.
> > >>
> > >> This is the text present in the latest version of the online manpages,
> > >> http://webcache.googleusercontent.com/search?q=cache:http://www.kernel.org/doc/man-pages/reporting_bugs.html&ie=UTF-8
> > >>
> > >> 2) in net/ipv4/af_inet.c:inet_create():
> > >>       if (ipv4_config.no_pmtu_disc)
> > >>               inet->pmtudisc = IP_PMTUDISC_DONT;
> > >>       else
> > >>               inet->pmtudisc = IP_PMTUDISC_WANT;
> > >>
> > >> and pmtudisc is left alone from there on for UDP sockets.
> > >>
> > >> What should be adjusted, the man page or the code?
> > >>
> > > The man page is wrong I think
> > >
> > > By my read, the code:
> > > 1) Affects UDP and TCP the same way (which makes sense to me)
> > >
> > > 2) Is doing exactly what you asked it to, since you set no_pmtu_disc, which
> > > means the stack should be free to fragment a frame as it sees fit according to
> > > the MTU metric of the route its traversing, hence the cleared DF bit in the
> > > fraem.
> > >
> > > RFC 1191 can apply equally well to udp, as tcp, and is evident in that you can
> > > set the per-socket option IP_MTU_DISCOVER to any of the 4 acceptible values
> > > offered (DONT/WANT/DO/PROBE), so theres no reason the sysctl governing the
> > > default value at creation shouldn't apply as well.
> > > Neil
> > >
> > >
> > 
> > 
> > 
> > -- 
> > Michael Kerrisk
> > Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
> > Author of "The Linux Programming Interface"; http://man7.org/tlpi/
> 
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ