ICMP Usage in Scanning 43 Copyright © Ofir Arkin, 2000 http://www.sys-security.com

Appendix B: ICMP "Fragmentation Needed but the Don't Fragment Bit was set" and the Path MTU Discovery Process [30]

When one host needs to send data to another host, the data is transmitted in a series of IP datagrams. We want those datagrams to be the largest size that does not require fragmentation [31] anywhere along the path from the source host to the destination host.

Fragmentation by the IP layer raises several problems:

o If one fragment of a packet is dropped, the whole packet has to be retransmitted.
o It puts load on the routers that have to do the fragmenting.
o Some simpler firewalls block all fragments, because only the first fragment carries the transport-layer header that their filtering rules need.

The Maximum Transfer Unit (MTU) is a link-layer restriction on the maximum number of bytes of data in a single transmission. The smallest MTU of any link on the current path between two hosts is called the Path MTU (PMTU).

B.1 The Path MTU Discovery Process

The Don't Fragment (DF) flag in the IP header is used to discover the Path MTU of a given route dynamically. The source host starts by assuming that the PMTU of a path is the known MTU of its first hop. It sends all datagrams at that size with the DF flag set. If a router along the path would have to fragment the datagram in order to pass it to the next hop, it cannot, because DF is set; instead it discards the datagram and returns an ICMP error message (Type 3 Code 4, "Fragmentation Needed and DF set") to the source. When the sending host receives this error message it reduces its assumed PMTU for the path.

The process ends when the estimated PMTU is low enough for the datagrams to reach the destination without being fragmented. The source host can also stop the process itself if it is willing to have the datagrams fragmented in some circumstances.
Usually the DF flag is set in all datagrams, so if the route to the destination host changes and the PMTU decreases, the decrease will be discovered. The PMTU of a path might also increase over time, again because of a change in the routing topology. To detect this, a host should periodically raise its assumed PMTU for that path and try again.

The Next-Hop MTU field of the ICMP "Fragmentation Needed and DF set" error message carries the MTU of the constricting hop, so the source host learns the exact value to which it must set the PMTU for that path in order for its datagrams to pass that router without fragmentation. RFC 1191 defines this field in the 16 bits of the ICMP header that earlier specifications left unused; a router that does not implement RFC 1191 sends zero there, and the host must then pick a smaller value on its own.

B.2 Host specification

A host must reduce its estimated PMTU for the relevant path when it receives the ICMP "Fragmentation Needed and the DF bit was set" error message. Beyond that, RFC 1191 does not prescribe one specific behavior for the sending host, because different applications may have different requirements, and different implementation architectures may favor different strategies.

[30] RFC 1191, http://www.ietf.org/rfc/rfc1191.txt, J. Mogul, S. Deering.
[31] When a packet is too large to be sent across a link as a single unit, a router has to slice it into smaller pieces, each carrying enough information for the receiver to reassemble them. This is called fragmentation.
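The discovery loop of B.1 and the host rule of B.2, worked through as an added Python example (this is editor-supplied code, not from Ofir Arkin's paper or from any real IP stack). Both sides of the exchange are simulated: a router that discards a too-large DF datagram and returns ICMP Type 3 Code 4 with the Next-Hop MTU (or zero, for a router that predates RFC 1191), and a host that validates the error, reduces its estimate, and falls back to the RFC 1191 plateau table when no Next-Hop MTU is reported. The path, link MTUs and addresses are constructed for the demonstration; the IP header checksum is left at zero because the toy router never checks it.

```python
import struct

# RFC 1191 section 7.1 plateau table, used when the router reports no Next-Hop MTU.
PLATEAUS = [65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68]
IP_DF = 0x4000       # Don't Fragment flag in the IPv4 flags/fragment-offset field
MIN_IPV4_MTU = 68    # RFC 791 lower bound; never estimate below this


def ipv4_datagram(total_length, src, dst, df=True):
    """Minimal IPv4 datagram: 20-byte header (header checksum left zero; the toy
    router below does not verify it) padded with a zero payload to total_length."""
    flags_frag = IP_DF if df else 0
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234,
                         flags_frag, 64, 17, 0, src, dst)
    return header + b"\x00" * (total_length - 20)


def icmp_checksum(data):
    """Internet checksum (RFC 1071): ones' complement of the ones'-complement sum.
    Verifying a message that already carries its checksum yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def frag_needed(orig_datagram, next_hop_mtu):
    """Router side: ICMP Type 3 Code 4. Word 2 is 16 unused bits followed by the
    Next-Hop MTU field RFC 1191 defines; then the offending IP header plus the first
    8 bytes of its payload. A router that predates RFC 1191 sends 0 as the MTU."""
    header = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu)
    msg = header + orig_datagram[:28]
    return msg[:2] + struct.pack("!H", icmp_checksum(msg)) + msg[4:]


def router_forward(datagram, link_mtu, reports_mtu=True):
    """Simulated hop. Returns ('forwarded', None), ('fragmented', None) when DF is
    clear, or ('icmp', error) when DF is set and the datagram exceeds the link MTU."""
    total_length, flags_frag = struct.unpack("!HxxH", datagram[2:8])
    if total_length <= link_mtu:
        return "forwarded", None
    if not (flags_frag & IP_DF):
        return "fragmented", None
    return "icmp", frag_needed(datagram, link_mtu if reports_mtu else 0)


def parse_frag_needed(msg, sent_datagram):
    """Host side: validate the error before acting on it. Without the embedded-header
    check, anyone able to reach the host could forge this message and shrink its PMTU."""
    if len(msg) < 28 or icmp_checksum(msg) != 0:
        raise ValueError("truncated or corrupt ICMP message")
    icmp_type, code, _csum, _unused, next_hop_mtu = struct.unpack("!BBHHH", msg[:8])
    if (icmp_type, code) != (3, 4):
        raise ValueError("not Fragmentation Needed / DF set")
    if msg[8:28] != sent_datagram[:20]:
        raise ValueError("embedded header does not match a datagram we sent")
    return next_hop_mtu


def next_pmtu(current, next_hop_mtu):
    """RFC 1191 host rule: adopt the reported Next-Hop MTU if present and smaller than
    the current estimate; if it is 0 (old router) or not smaller (bogus), drop to the
    next plateau below the current estimate."""
    if 0 < next_hop_mtu < current:
        return max(next_hop_mtu, MIN_IPV4_MTU)
    for plateau in PLATEAUS:
        if plateau < current:
            return plateau
    return MIN_IPV4_MTU


def discover_pmtu(path, first_hop_mtu, src, dst):
    """Run discovery over a simulated path given as (link_mtu, reports_mtu) hops.
    Returns the final PMTU and a log of (old_estimate, reported_mtu, new_estimate)."""
    pmtu, log = first_hop_mtu, []
    while True:
        datagram = ipv4_datagram(pmtu, src, dst, df=True)
        outcome, err = "forwarded", None
        for link_mtu, reports_mtu in path:
            outcome, err = router_forward(datagram, link_mtu, reports_mtu)
            if outcome != "forwarded":
                break
        if outcome != "icmp":          # reached the destination at this size
            return pmtu, log
        reported = parse_frag_needed(err, datagram)
        new_estimate = next_pmtu(pmtu, reported)
        log.append((pmtu, reported, new_estimate))
        pmtu = new_estimate


if __name__ == "__main__":
    # Constructed demo: Ethernet first hop, a pre-RFC-1191 router on a 1006-byte link
    # (reports Next-Hop MTU 0), then an RFC 1191 router on a 576-byte link. Addresses assumed.
    SRC, DST = bytes([10, 0, 0, 1]), bytes([192, 0, 2, 1])
    PATH = [(1500, True), (1006, False), (576, True)]
    final, steps = discover_pmtu(PATH, 1500, SRC, DST)
    for old, reported, new in steps:
        print(f"estimate {old:5d} -> ICMP 3/4 Next-Hop MTU {reported:5d} -> new estimate {new}")
    print("Path MTU:", final)
```

On the constructed path the host needs three rounds: two plateau steps (1500 to 1492 to 1006) because the legacy router reports no MTU, then one exact step to 576 from the RFC 1191 router. Two practical points follow from the host rule: a host will lower its estimate on any well-formed Type 3 Code 4 it accepts, so checking that the embedded header matches a datagram it actually sent is the only thing standing between it and a forged error; and if a firewall on the path drops these ICMP errors the host never learns the constriction, and its DF datagrams simply disappear.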