diff options
author | Sabrina Dubroca <sd@queasysnail.net> | 2018-02-26 16:13:43 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-02-27 11:13:36 -0500 |
commit | c7272c2f1229125f74f22dcdd59de9bbd804f1c8 (patch) | |
tree | 4f70a439a495a90316a1ba294b9ddadcbf7cf292 /net/ipv4/proc.c | |
parent | 68b116a28f359c6d60b86af33a3f7c1f319542e4 (diff) | |
download | linux-c7272c2f1229125f74f22dcdd59de9bbd804f1c8.tar.bz2 |
net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68
According to RFC 1191 sections 3 and 4, ICMP frag-needed messages
indicating an MTU below 68 should be rejected:
A host MUST never reduce its estimate of the Path MTU below 68
octets.
and (talking about ICMP frag-needed's Next-Hop MTU field):
This field will never contain a value less than 68, since every
router "must be able to forward a datagram of 68 octets without
fragmentation".
Furthermore, by letting net.ipv4.route.min_pmtu be set to negative
values, we can end up with a very large PMTU when (-1) is cast into u32.
Let's also make ip_rt_min_pmtu a u32, since it's only ever compared to
unsigned ints.
Reported-by: Jianlin Shi <jishi@redhat.com>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/proc.c')
0 files changed, 0 insertions, 0 deletions