Currently we reject the -m option if given a value less than ETH_MAX_MTU (68). That define is derived from the kernel, but its name is misleading: it doesn't really have anything to do with Ethernet per se, but is rather the minimum payload any L2 link must be able to handle in order to carry IPv4. For IPv6, it's not sufficient: that requires an MTU of at least 1280. Furthermore, the value of 68 is the minimum IP *fragment* size the link must be able to carry. Since we don't support IP fragmentation, it's not sufficient for us. Instead we should clamp the MTU to 576 for IPv4 - the minimum IP datagram size that all hosts must be able to accept. Move the verification of the MTU's lower bound to logic specific to the IP versions and correct those errors.
Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au>
---
 conf.c | 20 +++++++++++++++-----
 ip.h | 7 +++++++
 util.h | 3 ---
 3 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/conf.c b/conf.c
index c5ee07b0..e127acc1 100644
--- a/conf.c
+++ b/conf.c
@@ -1663,9 +1663,9 @@ void conf(struct ctx *c, int argc, char **argv)
 if (errno || *e)
 die("Invalid MTU: %s", optarg);
- if (mtu && (mtu < ETH_MIN_MTU || mtu > ETH_MAX_MTU)) {
- die("MTU %lu out of range (%u..%u)", mtu,
- ETH_MIN_MTU, ETH_MAX_MTU);
+ if (mtu > ETH_MAX_MTU) {
+ die("MTU %lu too large (max %u)",
+ mtu, ETH_MAX_MTU);
 }
 c->mtu = mtu;
@@ -1838,10 +1838,20 @@ void conf(struct ctx *c, int argc, char **argv)
 log_conf_parsed = true; /* Stop printing everything */
 nl_sock_init(c, false);
- if (!v6_only)
+ if (!v6_only) {
+ if (c->mtu < IPV4_MINMAX_DATAGRAM) {
+ die("MTU %"PRIu16" is too small for IPv4 (minimum %u)",
+ c->mtu, IPV4_MINMAX_DATAGRAM);
+ }
 c->ifi4 = conf_ip4(ifi4, &c->ip4);
- if (!v4_only)
+ }
+ if (!v4_only) {
+ if (c->mtu < IPV6_MIN_MTU) {
+ die("MTU %"PRIu16" is too small for IPv6 (minimum %u)",
+ c->mtu, IPV6_MIN_MTU);
+ }
 c->ifi6 = conf_ip6(ifi6, &c->ip6);
+ }
 if ((*c->ip4.ifname_out && !c->ifi4) || (*c->ip6.ifname_out && !c->ifi6))
 die("External interface not usable");
diff --git a/ip.h b/ip.h
index 1544dbf4..8f5262fa 100644
--- a/ip.h
+++ b/ip.h
@@ -104,4 +104,11 @@ static const struct in6_addr in6addr_ll_all_nodes = {
 /* IPv4 Limited Broadcast (RFC 919, Section 7), 255.255.255.255 */
 static const struct in_addr in4addr_broadcast = { 0xffffffff };
+/* Minimum IP datagram size all hosts must be prepared to accept (RFC 791) */
+#define IPV4_MINMAX_DATAGRAM 576
+
+#ifndef IPV6_MIN_MTU
+#define IPV6_MIN_MTU 1280
+#endif
+
 #endif /* IP_H */
diff --git a/util.h b/util.h
index 50e96d32..bdca5ee6 100644
--- a/util.h
+++ b/util.h
@@ -34,9 +34,6 @@
 #ifndef ETH_MAX_MTU
 #define ETH_MAX_MTU USHRT_MAX
 #endif
-#ifndef ETH_MIN_MTU
-#define ETH_MIN_MTU 68
-#endif
 #ifndef IP_MAX_MTU
 #define IP_MAX_MTU USHRT_MAX
 #endif
-- 
2.48.1
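Review bot: In the second conf.c hunk the new lower-bound checks `c->mtu < IPV4_MINMAX_DATAGRAM` and `c->mtu < IPV6_MIN_MTU` have no exemption for zero, whereas the check removed in the first hunk skipped that value with `mtu &&`. If 0 is still accepted by -m as a special value, or is what c->mtu holds when -m is not given (neither is visible here), conf() now dies on it; guarding the tests as `if (c->mtu && c->mtu < IPV4_MINMAX_DATAGRAM) {` and `if (c->mtu && c->mtu < IPV6_MIN_MTU) {` would keep that case working. The checks also run before conf_ip4() and conf_ip6(), so an MTU between 576 and 1279 is fatal whenever `v4_only` is false, even if IPv6 later turns out to be unusable; consider testing after the calls and only when `c->ifi4` or `c->ifi6` is set. conf() starts and ends outside the hunk.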
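Review bot: `IPV6_MIN_MTU` in the ip.h hunk is added without a comment, while `IPV4_MINMAX_DATAGRAM` directly above it cites its source. I would add `/* Minimum MTU every IPv6 link must provide (RFC 8200, Section 5) */` above the `#ifndef`, and say in the same comment that the guard exists because a system header may already define the name. The "MINMAX" in `IPV4_MINMAX_DATAGRAM` is also not self-explanatory; one more clause in its comment, stating that it is the smallest value a host's maximum acceptable datagram size may take, would spare readers a trip to the RFC.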