Bug 39141

Summary: Broken PMTUD
Product: Base System Reporter: Phil Dibowitz <mss>
Component: kern Assignee: silby
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   

Description Phil Dibowitz 2002-06-11 08:40:01 UTC
BUG OVERVIEW
I believe there is a bug in the PMTUD (Path MTU Discovery) implementation in FreeBSD. According to RFC 1191, when using PMTUD all TCP datagrams must have the Don't Fragment (DF) bit set. It seems that FreeBSD does not fully obey this rule. On "SYN ACK" packets, the DF bit is not set. It is set on all other packets though (including SYN packets). The details are below - I have been unable to find any reason for this behavior.

SEVERITY
I don't consider this a big security hole, but it is a bug. It could be used to do TCP fingerprinting, and it also breaks a standard.

DETAILS
I have made available packet sniffer logs of both sides of a test at the following locations.
http://home.earthlink.net/~jaymzh666/mss/snoop-log-solaris-to-bsd.gz
http://home.earthlink.net/~jaymzh666/mss/tcpdump-log-bsd-to-solaris.gz

The test systems were as follows:
$ uname -a
SunOS mort 5.9 s81_57 sun4u sparc SUNW,Sun-Blade-100
$ uname -a
FreeBSD trantor.xs4all.nl 5.0-CURRENT FreeBSD 5.0-CURRENT #6: Mon Apr 15 20:16:39 MET DST 2002 paulz@trantor.xs4all.nl:/usr/obj/usr/source/src/sys/trantor i386

If I can provide any more information, please let me know.

Fix: 

Set the DF bit on SYN+ACK packets when PMTUD is enabled.

How-To-Repeat: Connect to a FreeBSD server with Path MTU Discovery enabled, and check the SYN+ACK packet.
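
The How-To-Repeat check above, as an added example (not part of the original report and not FreeBSD code): it parses raw IPv4 packets sent by the host under test and lists the TCP packets that went out without DF. The sample packets, addresses and ports are constructed to mirror the behaviour the report describes, and all function names are hypothetical.

```python
import struct

IP_DF = 0x4000             # Don't Fragment bit in the IPv4 flags/fragment-offset field
IP_OFFMASK = 0x1FFF        # fragment offset bits
TCP_SYN, TCP_ACK = 0x02, 0x10

def classify(packet: bytes):
    """Return (tcp_kind, df_set) for a raw IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                              # not IPv4
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 14:
        return None                              # bad header, not TCP, or truncated
    (frag_field,) = struct.unpack_from("!H", packet, 6)
    if frag_field & IP_OFFMASK:
        return None                              # later fragment: no TCP header here
    flags = packet[ihl + 13]
    if flags & TCP_SYN and flags & TCP_ACK:
        kind = "SYN+ACK"
    elif flags & TCP_SYN:
        kind = "SYN"
    else:
        kind = "other"
    return kind, bool(frag_field & IP_DF)

def pmtud_violations(packets):
    """(index, kind) of every TCP packet sent with DF clear."""
    found = []
    for i, pkt in enumerate(packets):
        result = classify(pkt)
        if result and not result[1]:
            found.append((i, result[0]))
    return found

def build(tcp_flags, df):
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, IP_DF if df else 0,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 0, 0, 5 << 4, tcp_flags, 65535, 0, 0)
    return ip + tcp

# Constructed capture matching the report: DF on SYN, ACK and PSH+ACK, clear on SYN+ACK.
SAMPLE = [build(0x02, True), build(0x12, False), build(0x10, True), build(0x18, True)]

if __name__ == "__main__":
    for index, kind in pmtud_violations(SAMPLE):
        print(f"packet {index}: {kind} sent without DF")
```
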
Comment 1 silby freebsd_committer freebsd_triage 2002-06-12 01:53:37 UTC
Responsible Changed
From-To: freebsd-bugs->silby

I'll handle this soon.
Comment 2 silby freebsd_committer freebsd_triage 2002-08-19 23:00:50 UTC
State Changed
From-To: open->closed

Changes are fully MFC'd now, issue closed.