Send ICMP errors when unable to forward fragmented packets

Before this change, we would silently drop packets when the packet was too
big to be sent out through the NIC (and, for IPv4 packets, if DF was set).
This change brings us into line with RFC 792 (IPv4) and RFC 4443 (IPv6),
both of which specify that gateways should return an ICMP error to the sender
when the packet can't be fragmented.

PiperOrigin-RevId: 373480078

2 files changed, 10 insertions, 0 deletions

diff --git a/pkg/tcpip/stack/packet_buffer.go b/pkg/tcpip/stack/packet_buffer.go
index 9527416cf..fc3c54e34 100644
--- a/pkg/tcpip/stack/packet_buffer.go
+++ b/pkg/tcpip/stack/packet_buffer.go
@@ -40,6 +40,10 @@ type PacketBufferOptions struct {
 	// Data is the initial unparsed data for the new packet. If set, it will be
 	// owned by the new packet.
 	Data buffer.VectorisedView
+
+	// IsForwardedPacket identifies that the PacketBuffer being created is for a
+	// forwarded packet.
+	IsForwardedPacket bool
 }
 
 // A PacketBuffer contains all the data of a network packet.
@@ -132,6 +136,9 @@ func NewPacketBuffer(opts PacketBufferOptions) *PacketBuffer {
 	if opts.ReserveHeaderBytes != 0 {
 		pk.header = buffer.NewPrependable(opts.ReserveHeaderBytes)
 	}
+	if opts.IsForwardedPacket {
+		pk.NetworkPacketInfo.IsForwardedPacket = opts.IsForwardedPacket
+	}
 	return pk
 }
 
diff --git a/pkg/tcpip/stack/registration.go b/pkg/tcpip/stack/registration.go
index e26225552..a82c807b4 100644
--- a/pkg/tcpip/stack/registration.go
+++ b/pkg/tcpip/stack/registration.go
@@ -55,6 +55,9 @@ type NetworkPacketInfo struct {
 	// LocalAddressBroadcast is true if the packet's local address is a broadcast
 	// address.
 	LocalAddressBroadcast bool
+
+	// IsForwardedPacket is true if the packet is being forwarded.
+	IsForwardedPacket bool
 }
 
 // TransportErrorKind enumerates error types that are handled by the transport