6.2 mtu now limits size of incomming packet

Bill Moran wmoran at collaborativefusion.com
Fri Jul 13 17:04:04 UTC 2007

In response to Stephen Clark <Stephen.Clark at seclark.us>:

> Bill Moran wrote:
> >In response to Stephen Clark <Stephen.Clark at seclark.us>:
> >
> >>Sten Daniel Soersdal wrote:
> >>
> >>>Stephen Clark wrote:
> >>> 
> >>>>Hello,
> >>>>
> >>>>Did something change in 6.2? If my mtu size on rl0 is 1280 it won't
> >>>>accept a larger incomming packet.
> >>>>
> >>>>kernel: rl0: discard oversize frame (ether type 800 flags 3 len 1514 > max
> >>>>1294)
> >>>
> >>>That is what to be expected.
> >>>Incoming interface must have mtu set to the same mtu as all other hosts 
> >>>on the same L2 network. If mtu is set to the same as all other hosts, 
> >>>then it is impossible to receive a frame that is too large (assuming 
> >>>everything works).
> >>>
> >>>>I don't think it worked this way in the past.
> >>>>
> >>>>Won't this affect pmtud?
> >>>
> >>>Incoming interface must have its mtu set to large enough to receive the 
> >>>frame. Outgoing interface, on the other hand, can be lower.
> >>>
> >>>For pmtud to work you need to be able to receive packets on an interface 
> >>>with sufficiently set mtu, but the exitting interface can have a lower 
> >>>mtu configured. Thus the router can accept the incoming packet but may 
> >>>drop and notify on a frame that is too large to exit the outgoing 
> >>>interface (assuming DF is set).
> >>>
> >>>>man page for ifconfig says mtu limits size of "transmission" not reception.
> >>>>
> >>>>   "mtu n   Set the maximum transmission unit of the interface to n, 
> >>>>default
> >>>>           is interface specific."
> >>>>
> >>>Perhaps the man author considered reception to be implied?
> >>>
> >>>In any case, enforcing this on incoming packets is correct behavior.
> >>
> >>But shouldn't an icmp be generated back to the system sending the packet 
> >>that is
> >>being dropped? This is not happening. So the connection stalls.
> >
> >No.  You're thinking of PMTU, which involves the don't fragment bit and
> >intermediate routers.
> >
> >A packet that exceeds the network maximum MTU is an invalid packet, and
> >thus should be dropped silently or it could cause a DoS.
> This is not the behavior FreeBSD 4.9 exhibits. I just tested it. I had a 
> mtu of 1280 on the
> rl1 interface and it glady accepted packets of 1460.

I don't see that as relevant.  I'm sure earlier versions of many parts of
FreeBSD had bugs.  Take also into account the fact that best practices are
still evolving.

Let's flip the question around a bit: why would you _want_ the TCP stack
to accept frames larger than the stated MTU?

Bill Moran
Collaborative Fusion Inc.

wmoran at collaborativefusion.com
Phone: 412-422-3463x4023

More information about the freebsd-net mailing list