[107261] in North American Network Operators' Group
Re: IP Fragmentation
daemon@ATHENA.MIT.EDU (Fernando Gont)
Thu Aug 28 19:51:21 2008
Date: Thu, 28 Aug 2008 20:46:56 -0300
To: "Glen Kent" <glen.kent@gmail.com>, "Jim Logajan" <JamesL@lugoj.com>
From: Fernando Gont <fernando@gont.com.ar>
In-Reply-To: <92c950310808281644h3549166csd5581889c164eba2@mail.gmail.com>
Cc: OPS Gurus <nanog@merit.edu>
Errors-To: nanog-bounces@nanog.org
At 08:44 p.m. 28/08/2008, Glen Kent wrote:
>I understand that routers usually must send this error only when a
>fragmentation is required and they receive a packet with DF bit set.
>However, in this case this router would drop the packet (for it doesn't
>support fragmentation) and sending an ICMP error back to the host,
>warning it that its packets will get dropped seems to be a better
>option.
>
>OTOH, what do most of the implementations do if they send a regular IP
>packet and receive an ICMP dest unreachable - Fragmentation reqd
>message back? Do they fragment this packet and then send it out, or
>this message is silently ignored?

You may want to have a look at this IETF I-D:
http://www.gont.com.ar/drafts/icmp-attacks/draft-ietf-tcpm-icmp-attacks-03.txt.
The PMTUD modification described in the draft ships (at least) in
OpenBSD and NetBSD.

Thanks!

Kind regards,
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1