Send ICMP errors when unable to forward fragmented packets

Before this change, we would silently drop packets when the packet was too big to be sent out through the NIC (and, for IPv4 packets, if DF was set). This change brings us into line with RFC 792 (IPv4) and RFC 4443 (IPv6), both of which specify that gateways should return an ICMP error to the sender when the packet can't be fragmented. PiperOrigin-RevId: 373480078
author: Nick Brown <nickbrow@google.com> 2021-05-12 16:51:06 -0700
committer: gVisor bot <gvisor-bot@google.com> 2021-05-12 16:53:43 -0700
commit: 29f4b71eb3db3d082735bd4316006d6bcc3230a1 (patch)
tree: 868142adfcffdb8ba6a605f67fbd4a520d5cac8f /pkg/tcpip/tcpip.go
parent: 9854e5ac4d7f80a7db10270313bce7e485ce6f9b (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/pkg/tcpip/tcpip.go b/pkg/tcpip/tcpip.go
index f9acd4bb8..7b9c8cd4f 100644
--- a/pkg/tcpip/tcpip.go
+++ b/pkg/tcpip/tcpip.go
@@ -1548,6 +1548,10 @@ type IPForwardingStats struct {
 	// because they contained a link-local destination address.
 	LinkLocalDestination *StatCounter
 
+	// PacketTooBig is the number of IP packets which were dropped because they
+	// were too big for the outgoing MTU.
+	PacketTooBig *StatCounter
+
 	// ExtensionHeaderProblem is the number of IP packets which were dropped
 	// because of a problem encountered when processing an IPv6 extension
 	// header.
author	Nick Brown <nickbrow@google.com>	2021-05-12 16:51:06 -0700
committer	gVisor bot <gvisor-bot@google.com>	2021-05-12 16:53:43 -0700
commit	29f4b71eb3db3d082735bd4316006d6bcc3230a1 (patch)
tree	868142adfcffdb8ba6a605f67fbd4a520d5cac8f /pkg/tcpip/tcpip.go
parent	9854e5ac4d7f80a7db10270313bce7e485ce6f9b (diff)