On Fri, 14 Jun 2002, Jonathan Lemon wrote:
> It is a DoS. Suppose that for some reason, we send out a SYN,ACK of > 80 octets, which hits a router with the minimum MTU of 68 octets. > Unlikely, yes, but still legal. If IP_DF is set, the packet gets dropped, > and a ICMP PMTU response is sent back, but the syncache will still resend > the 80 octet datagram. If IP_DF is clear, the datagram will get through. In theory, I guess that could happen. Give me a few days to examine the PMTU code to see if there's an easy way to handle that case. If the DF bit is removed on the resend, would that be acceptable? /me has this bad feeling that he just roped himself into auditing the PTMU code. Mike "Silby" Silbersack To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
