]> Smallstep

martenseemann@gmail.com

Mozilla

mail@max-inden.de

Web and Internet Transport Transport and Services Working Group IP fragmentation Don't Fragment Path MTU Discovery DPLPMTUD When performing Path MTU Discovery (PMTUD) over UDP, applications must prevent fragmentation of UDP datagrams both by the sender's kernel and during network transit. This document provides guidance for implementers on configuring socket options to prevent fragmentation of IPv4 and IPv6 packets across commonly used platforms. Discussion Venues Discussion of this document takes place on the Transport and Services Working Group Working Group mailing list (tsvwg@ietf.org), which is archived at . Source for this draft and an issue tracker can be found at .

Introduction defines the Don't Fragment (DF) bit in the IPv4 header. When set, this bit prevents routers from fragmenting IP packets. If a router needs to fragment a packet with the DF bit set, it will instead drop the packet and send an ICMP "Fragmentation Needed" message back to the sender. The DF bit has historically been most relevant to TCP (), where the kernel handles Path MTU Discovery (PMTUD) internally. Applications using TCP sockets do not need to interact with the DF bit directly. In IPv6 (), fragmentation by intermediate nodes is not permitted. All IPv6 packets effectively have the DF bit set, however, the sender's kernel might still break up UDP datagrams that are too large to fit the MTU of the interface before sending a packet into the network. defines Datagram Packetization Layer Path MTU Discovery (DPLPMTUD), a mechanism that allows protocols running over UDP to determine the maximum packet size they can send. Setting the DF bit is crucial for DPLPMTUD, as it ensures that packets larger than the Path MTU are dropped, allowing the endpoint to detect the MTU limitation. QUIC is one such protocol that runs over UDP and makes use of DPLPMTUD. As QUIC implementations typically run in user space, they need to configure the DF bit on their UDP sockets to perform DPLPMTUD correctly. This document provides guidance for implementers on how to set the DF bit on UDP sockets across different platforms.

Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Setting the DF bit While routers don't fragment IPv6 packets in transit, the sender's kernel will still fragment UDP datagrams that are too large to fit the MTU of the interface before sending a packet into the network. Therefore, operating systems offer socket options to control the fragmentation behavior for IPv6 packets. For user-space implementations of DPLPMTUD, applications need to set the DF bit on IPv4 sockets and prevent fragmentation on IPv6 sockets.

Linux PMTUD behavior is controlled via the IP_MTU_DISCOVER and IPV6_MTU_DISCOVER socket options at the IPPROTO_IP and IPPROTO_IPV6 levels. There are two closely related values: For IPv4, both IP_PMTUDISC_DO and IP_PMTUDISC_PROBE enable setting the DF bit. For IPv6, both IPV6_PMTUDISC_DO and IPV6_PMTUDISC_PROBE prevent fragmentation by the sender. The difference between the former and the latter is that the former instructs the kernel to process ICMP "Fragmentation Needed" messages, while the latter does not. When the kernel processes an ICMP "Fragmentation Needed" message, it will prevent the transmission of larger datagrams. Consequently, IP_PMTUDISC_DO makes applications vulnerable to the UDP equivalent of the Blind Performance-Degrading ICMP attack described in . This vulnerability does not exist when using IP_PMTUDISC_PROBE and IPV6_PMTUDISC_PROBE. For dual-stack sockets, both IPv4 and IPv6 socket options can be set independently.

Apple For IPv4, Apple platforms use the socket option of level IPPROTO_IP with name IP_DONTFRAG with value 1. For IPv6, IPV6_DONTFRAG with value 1 is used for the IPPROTO_IPV6 level. However, dual-stack sockets are handled differently: To open a dual-stack socket, an IPv6 socket needs to be opened and the IPV6_V6ONLY option needs to be set to 0. This enables the socket to send both IPv4 and IPv6 packets. IPv4 packets must be sent using an IPv4-mapped IPv6 address. When using a dual-stack socket, it is only necessary (and possible) to set the IPV6_DONTFRAG socket option. This results in the DF bit being set when sending IPv4 packets, and prevents fragmentation of IPv6 packets. It is not possible to control the fragmentation behavior of IPv4 and IPv6 separately.

Windows For IPv4, Windows uses the socket option of level IPPROTO_IP with name IP_DONTFRAGMENT with value 1. For IPv6, IPV6_DONTFRAG with value 1 is used for the IPPROTO_IPV6 level. Similar to the Apple platforms, dual-stack sockets are IPv6 sockets with the IPV6_V6ONLY option set to 0. IPv4 packets must be sent using an IPv4-mapped IPv6 address. However, contrary to Apple platforms, the DF bit on IPv4 packets is controlled by the IP_DONTFRAGMENT socket option.

Security Considerations TODO Security

IANA Considerations This document has no IANA actions.

Normative References This document specifies the Transmission Control Protocol (TCP). TCP is an important transport-layer protocol in the Internet protocol stack, and it has continuously evolved over decades of use and growth of the Internet. Over this time, a number of changes have been made to TCP as it was specified in RFC 793, though these have only been documented in a piecemeal fashion. This document collects and brings those changes together with the protocol specification from RFC 793. This document obsoletes RFC 793, as well as RFCs 879, 2873, 6093, 6429, 6528, and 6691 that updated parts of RFC 793. It updates RFCs 1011 and 1122, and it should be considered as a replacement for the portions of those documents dealing with TCP requirements. It also updates RFC 5961 by adding a small clarification in reset handling while in the SYN-RECEIVED state. The TCP header control bits from RFC 793 have also been updated based on RFC 3168. This document specifies version 6 of the Internet Protocol (IPv6). It obsoletes RFC 2460. This document specifies Datagram Packetization Layer Path MTU Discovery (DPLPMTUD). This is a robust method for Path MTU Discovery (PMTUD) for datagram Packetization Layers (PLs). It allows a PL, or a datagram application that uses a PL, to discover whether a network path can support the current size of datagram. This can be used to detect and reduce the message size when a sender encounters a packet black hole. It can also probe a network path to discover whether the maximum packet size can be increased. This provides functionality for datagram transports that is equivalent to the PLPMTUD specification for TCP, specified in RFC 4821, which it updates. It also updates the UDP Usage Guidelines to refer to this method for use with UDP datagrams and updates SCTP. The document provides implementation notes for incorporating Datagram PMTUD into IETF datagram transports or applications that use datagram transports. This specification updates RFC 4960, RFC 4821, RFC 6951, RFC 8085, and RFC 8261. This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. This document discusses the use of the Internet Control Message Protocol (ICMP) to perform a variety of attacks against the Transmission Control Protocol (TCP). Additionally, this document describes a number of widely implemented modifications to TCP's handling of ICMP error messages that help to mitigate these issues. This document is not an Internet Standards Track specification; it is published for informational purposes.

Acknowledgments TODO acknowledge.