Feature idea...

Craig Metz (cmetz@sundance.itd.nrl.navy.mil)
Mon, 31 Jul 1995 18:45:19 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: root: "Deliver"
Previous message: E.J. Wilburn: "Re: RADIUS?"

A feature that, IMO, would be nice to have in the Linux IP stack
should someone have the time to write it would be to have the stack return
an ICMP unreachable/type=protocol unreachable (with more than the minumum
eight octets if we can, at least up to the minimum MTU) if there are no
raw PF_INET sockets currently open. Raw sockets could be implementing a
new protocol in user space and we can't determine the protocol they
implement, so, with any raw inet sockets open, we can't return unreachables
lest we kill off legitimate packets. But with no raw sockets open, the kernel
knows exactly what protocols are available and can determine if a protocol
is unreachable. (For reference, Linux currently does what BSD does -- it
*never* returns these unreachables.)

The reason this came about is that the ICMP protocol unreachables
make a nice way for tunnelling boxes to determine wether the remote system
supports tunnelling or not. With BSD boxen, you never get back an ICMP
unreachable, which isn't too cool IMO. With Cisco routers, you get what
the spec says you must return if you return anything, that is, eight octets.
This is still pretty worthless since you don't have a whole IP header.
But if you return the entire IP header in the ICMP error reply, life's
good for the tunnel sender, it can figure out that the remote system can't
support IP tunneling, and can act accordingly. This is also IMO reasonable
since the common case would give you two IP headers (2 x 20 octets) plus one
ICMP header (1 x 8 octets) for a total of 48 octets, which fits nicely in
the IP minimum MTU.

-Craig

Next message: root: "Deliver"
Previous message: E.J. Wilburn: "Re: RADIUS?"