Fix: Next-Hop MTU in ICMPv4 "Fragmentation Needed" Packets#12634
Merged
copybara-service[bot] merged 1 commit intogoogle:masterfrom Apr 2, 2026
Merged
Fix: Next-Hop MTU in ICMPv4 "Fragmentation Needed" Packets#12634copybara-service[bot] merged 1 commit intogoogle:masterfrom
copybara-service[bot] merged 1 commit intogoogle:masterfrom
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
Collaborator
|
Please squash your commits: https://github.com/google/gvisor/blob/master/CONTRIBUTING.md#code-reviews |
Contributor
Author
|
Hey, done Squashed the commits. Please take a look. |
manninglucas
requested changes
Mar 30, 2026
Contributor
manninglucas
left a comment
manninglucas
left a comment
There was a problem hiding this comment.
Thanks for the change. e.MTU() returns the network MTU, but according to your change description you want to set the ICMP message value to the link MTU.
See the comment on NetworkEndpoint.MTU() in //pkg/tcpip/stack/registration.go:
// MTU is the maximum transmission unit for this endpoint. This is
// generally calculated as the MTU of the underlying data link endpoint
// minus the network endpoint max header length.
Contributor
Author
Oh yes, thanks for pointing this out. Updated to use |
manninglucas
approved these changes
Mar 30, 2026
copybara-service Bot
pushed a commit
that referenced
this pull request
Mar 30, 2026
Fixes #12568 ### Problem - When gVisor sends an ICMPv4 “Fragmentation Needed” message (Type 3, Code 4), it was leaving the Next-Hop MTU field as 0. - According to RFC 1191, this field must contain the MTU of the next-hop link. Sending 0 is incorrect. ### Impact - When a Linux host receives a Fragmentation Needed message with MTU set to 0, it falls back to an old default value from the RFC plateau table. In practice, this results in the system caching an MTU of 552 bytes. - That causes connections to containers behind gVisor to degrade significantly, especially for larger packets. It can also create long-lived MTU locks in the routing cache, which impacts performance to external services like GitHub. ### Root cause **In the IPv4 forwarding path**: If a packet: - Has the Don’t Fragment bit set - Exceeds the outgoing link MTU gVisor correctly generates an ICMP Destination Unreachable with Code 4. However, while constructing the ICMP header, it never sets the Next-Hop MTU field using icmpHdr.SetMTU(). As a result, the MTU remains 0. The method to set it already exists. It just wasn’t being used. ### What this change does 1. Introduces a new ICMP reason type that carries the next-hop MTU value. 2. Updates sendICMPv4 to: - Set the correct ICMP code for Fragmentation Needed. - Populate the MTU field with the actual link MTU. - Safely cap it to uint16 maximum. 3. Updates the forwarding path to pass the correct MTU when generating the ICMP error. ### Result Now, when a packet is too large and cannot be forwarded: - gVisor correctly includes the actual next-hop MTU in the ICMP response. - Hosts update their Path MTU properly. - No fallback to 552 bytes. - No unnecessary performance degradation. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12634 from pawannn:master 2067f61 PiperOrigin-RevId: 891782710
copybara-service Bot
pushed a commit
that referenced
this pull request
Mar 31, 2026
Fixes #12568 ### Problem - When gVisor sends an ICMPv4 “Fragmentation Needed” message (Type 3, Code 4), it was leaving the Next-Hop MTU field as 0. - According to RFC 1191, this field must contain the MTU of the next-hop link. Sending 0 is incorrect. ### Impact - When a Linux host receives a Fragmentation Needed message with MTU set to 0, it falls back to an old default value from the RFC plateau table. In practice, this results in the system caching an MTU of 552 bytes. - That causes connections to containers behind gVisor to degrade significantly, especially for larger packets. It can also create long-lived MTU locks in the routing cache, which impacts performance to external services like GitHub. ### Root cause **In the IPv4 forwarding path**: If a packet: - Has the Don’t Fragment bit set - Exceeds the outgoing link MTU gVisor correctly generates an ICMP Destination Unreachable with Code 4. However, while constructing the ICMP header, it never sets the Next-Hop MTU field using icmpHdr.SetMTU(). As a result, the MTU remains 0. The method to set it already exists. It just wasn’t being used. ### What this change does 1. Introduces a new ICMP reason type that carries the next-hop MTU value. 2. Updates sendICMPv4 to: - Set the correct ICMP code for Fragmentation Needed. - Populate the MTU field with the actual link MTU. - Safely cap it to uint16 maximum. 3. Updates the forwarding path to pass the correct MTU when generating the ICMP error. ### Result Now, when a packet is too large and cannot be forwarded: - gVisor correctly includes the actual next-hop MTU in the ICMP response. - Hosts update their Path MTU properly. - No fallback to 552 bytes. - No unnecessary performance degradation. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12634 from pawannn:master 2067f61 PiperOrigin-RevId: 892405056
copybara-service Bot
pushed a commit
that referenced
this pull request
Mar 31, 2026
Fixes #12568 ### Problem - When gVisor sends an ICMPv4 “Fragmentation Needed” message (Type 3, Code 4), it was leaving the Next-Hop MTU field as 0. - According to RFC 1191, this field must contain the MTU of the next-hop link. Sending 0 is incorrect. ### Impact - When a Linux host receives a Fragmentation Needed message with MTU set to 0, it falls back to an old default value from the RFC plateau table. In practice, this results in the system caching an MTU of 552 bytes. - That causes connections to containers behind gVisor to degrade significantly, especially for larger packets. It can also create long-lived MTU locks in the routing cache, which impacts performance to external services like GitHub. ### Root cause **In the IPv4 forwarding path**: If a packet: - Has the Don’t Fragment bit set - Exceeds the outgoing link MTU gVisor correctly generates an ICMP Destination Unreachable with Code 4. However, while constructing the ICMP header, it never sets the Next-Hop MTU field using icmpHdr.SetMTU(). As a result, the MTU remains 0. The method to set it already exists. It just wasn’t being used. ### What this change does 1. Introduces a new ICMP reason type that carries the next-hop MTU value. 2. Updates sendICMPv4 to: - Set the correct ICMP code for Fragmentation Needed. - Populate the MTU field with the actual link MTU. - Safely cap it to uint16 maximum. 3. Updates the forwarding path to pass the correct MTU when generating the ICMP error. ### Result Now, when a packet is too large and cannot be forwarded: - gVisor correctly includes the actual next-hop MTU in the ICMP response. - Hosts update their Path MTU properly. - No fallback to 552 bytes. - No unnecessary performance degradation. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12634 from pawannn:master 2067f61 PiperOrigin-RevId: 891782710
copybara-service Bot
pushed a commit
that referenced
this pull request
Mar 31, 2026
Fixes #12568 ### Problem - When gVisor sends an ICMPv4 “Fragmentation Needed” message (Type 3, Code 4), it was leaving the Next-Hop MTU field as 0. - According to RFC 1191, this field must contain the MTU of the next-hop link. Sending 0 is incorrect. ### Impact - When a Linux host receives a Fragmentation Needed message with MTU set to 0, it falls back to an old default value from the RFC plateau table. In practice, this results in the system caching an MTU of 552 bytes. - That causes connections to containers behind gVisor to degrade significantly, especially for larger packets. It can also create long-lived MTU locks in the routing cache, which impacts performance to external services like GitHub. ### Root cause **In the IPv4 forwarding path**: If a packet: - Has the Don’t Fragment bit set - Exceeds the outgoing link MTU gVisor correctly generates an ICMP Destination Unreachable with Code 4. However, while constructing the ICMP header, it never sets the Next-Hop MTU field using icmpHdr.SetMTU(). As a result, the MTU remains 0. The method to set it already exists. It just wasn’t being used. ### What this change does 1. Introduces a new ICMP reason type that carries the next-hop MTU value. 2. Updates sendICMPv4 to: - Set the correct ICMP code for Fragmentation Needed. - Populate the MTU field with the actual link MTU. - Safely cap it to uint16 maximum. 3. Updates the forwarding path to pass the correct MTU when generating the ICMP error. ### Result Now, when a packet is too large and cannot be forwarded: - gVisor correctly includes the actual next-hop MTU in the ICMP response. - Hosts update their Path MTU properly. - No fallback to 552 bytes. - No unnecessary performance degradation. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12634 from pawannn:master 2067f61 PiperOrigin-RevId: 891782710
aaltinaydev
reviewed
Mar 31, 2026
manninglucas
approved these changes
Apr 1, 2026
copybara-service Bot
pushed a commit
that referenced
this pull request
Apr 1, 2026
Fixes #12568 ### Problem - When gVisor sends an ICMPv4 “Fragmentation Needed” message (Type 3, Code 4), it was leaving the Next-Hop MTU field as 0. - According to RFC 1191, this field must contain the MTU of the next-hop link. Sending 0 is incorrect. ### Impact - When a Linux host receives a Fragmentation Needed message with MTU set to 0, it falls back to an old default value from the RFC plateau table. In practice, this results in the system caching an MTU of 552 bytes. - That causes connections to containers behind gVisor to degrade significantly, especially for larger packets. It can also create long-lived MTU locks in the routing cache, which impacts performance to external services like GitHub. ### Root cause **In the IPv4 forwarding path**: If a packet: - Has the Don’t Fragment bit set - Exceeds the outgoing link MTU gVisor correctly generates an ICMP Destination Unreachable with Code 4. However, while constructing the ICMP header, it never sets the Next-Hop MTU field using icmpHdr.SetMTU(). As a result, the MTU remains 0. The method to set it already exists. It just wasn’t being used. ### What this change does 1. Introduces a new ICMP reason type that carries the next-hop MTU value. 2. Updates sendICMPv4 to: - Set the correct ICMP code for Fragmentation Needed. - Populate the MTU field with the actual link MTU. - Safely cap it to uint16 maximum. 3. Updates the forwarding path to pass the correct MTU when generating the ICMP error. ### Result Now, when a packet is too large and cannot be forwarded: - gVisor correctly includes the actual next-hop MTU in the ICMP response. - Hosts update their Path MTU properly. - No fallback to 552 bytes. - No unnecessary performance degradation. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12634 from pawannn:master 8b1f272 PiperOrigin-RevId: 891782710
copybara-service Bot
pushed a commit
that referenced
this pull request
Apr 1, 2026
Fixes #12568 ### Problem - When gVisor sends an ICMPv4 “Fragmentation Needed” message (Type 3, Code 4), it was leaving the Next-Hop MTU field as 0. - According to RFC 1191, this field must contain the MTU of the next-hop link. Sending 0 is incorrect. ### Impact - When a Linux host receives a Fragmentation Needed message with MTU set to 0, it falls back to an old default value from the RFC plateau table. In practice, this results in the system caching an MTU of 552 bytes. - That causes connections to containers behind gVisor to degrade significantly, especially for larger packets. It can also create long-lived MTU locks in the routing cache, which impacts performance to external services like GitHub. ### Root cause **In the IPv4 forwarding path**: If a packet: - Has the Don’t Fragment bit set - Exceeds the outgoing link MTU gVisor correctly generates an ICMP Destination Unreachable with Code 4. However, while constructing the ICMP header, it never sets the Next-Hop MTU field using icmpHdr.SetMTU(). As a result, the MTU remains 0. The method to set it already exists. It just wasn’t being used. ### What this change does 1. Introduces a new ICMP reason type that carries the next-hop MTU value. 2. Updates sendICMPv4 to: - Set the correct ICMP code for Fragmentation Needed. - Populate the MTU field with the actual link MTU. - Safely cap it to uint16 maximum. 3. Updates the forwarding path to pass the correct MTU when generating the ICMP error. ### Result Now, when a packet is too large and cannot be forwarded: - gVisor correctly includes the actual next-hop MTU in the ICMP response. - Hosts update their Path MTU properly. - No fallback to 552 bytes. - No unnecessary performance degradation. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12634 from pawannn:master 8b1f272 PiperOrigin-RevId: 891782710
copybara-service Bot
pushed a commit
that referenced
this pull request
Apr 1, 2026
Fixes #12568 ### Problem - When gVisor sends an ICMPv4 “Fragmentation Needed” message (Type 3, Code 4), it was leaving the Next-Hop MTU field as 0. - According to RFC 1191, this field must contain the MTU of the next-hop link. Sending 0 is incorrect. ### Impact - When a Linux host receives a Fragmentation Needed message with MTU set to 0, it falls back to an old default value from the RFC plateau table. In practice, this results in the system caching an MTU of 552 bytes. - That causes connections to containers behind gVisor to degrade significantly, especially for larger packets. It can also create long-lived MTU locks in the routing cache, which impacts performance to external services like GitHub. ### Root cause **In the IPv4 forwarding path**: If a packet: - Has the Don’t Fragment bit set - Exceeds the outgoing link MTU gVisor correctly generates an ICMP Destination Unreachable with Code 4. However, while constructing the ICMP header, it never sets the Next-Hop MTU field using icmpHdr.SetMTU(). As a result, the MTU remains 0. The method to set it already exists. It just wasn’t being used. ### What this change does 1. Introduces a new ICMP reason type that carries the next-hop MTU value. 2. Updates sendICMPv4 to: - Set the correct ICMP code for Fragmentation Needed. - Populate the MTU field with the actual link MTU. - Safely cap it to uint16 maximum. 3. Updates the forwarding path to pass the correct MTU when generating the ICMP error. ### Result Now, when a packet is too large and cannot be forwarded: - gVisor correctly includes the actual next-hop MTU in the ICMP response. - Hosts update their Path MTU properly. - No fallback to 552 bytes. - No unnecessary performance degradation. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12634 from pawannn:master 8b1f272 PiperOrigin-RevId: 891782710
copybara-service Bot
pushed a commit
that referenced
this pull request
Apr 2, 2026
Fixes #12568 ### Problem - When gVisor sends an ICMPv4 “Fragmentation Needed” message (Type 3, Code 4), it was leaving the Next-Hop MTU field as 0. - According to RFC 1191, this field must contain the MTU of the next-hop link. Sending 0 is incorrect. ### Impact - When a Linux host receives a Fragmentation Needed message with MTU set to 0, it falls back to an old default value from the RFC plateau table. In practice, this results in the system caching an MTU of 552 bytes. - That causes connections to containers behind gVisor to degrade significantly, especially for larger packets. It can also create long-lived MTU locks in the routing cache, which impacts performance to external services like GitHub. ### Root cause **In the IPv4 forwarding path**: If a packet: - Has the Don’t Fragment bit set - Exceeds the outgoing link MTU gVisor correctly generates an ICMP Destination Unreachable with Code 4. However, while constructing the ICMP header, it never sets the Next-Hop MTU field using icmpHdr.SetMTU(). As a result, the MTU remains 0. The method to set it already exists. It just wasn’t being used. ### What this change does 1. Introduces a new ICMP reason type that carries the next-hop MTU value. 2. Updates sendICMPv4 to: - Set the correct ICMP code for Fragmentation Needed. - Populate the MTU field with the actual link MTU. - Safely cap it to uint16 maximum. 3. Updates the forwarding path to pass the correct MTU when generating the ICMP error. ### Result Now, when a packet is too large and cannot be forwarded: - gVisor correctly includes the actual next-hop MTU in the ICMP response. - Hosts update their Path MTU properly. - No fallback to 552 bytes. - No unnecessary performance degradation. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12634 from pawannn:master 8b1f272 PiperOrigin-RevId: 891782710
maci0
pushed a commit
to maci0/gvisor
that referenced
this pull request
Apr 23, 2026
PiperOrigin-RevId: 893208595
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #12568
Problem
Impact
Root cause
In the IPv4 forwarding path:
If a packet:
gVisor correctly generates an ICMP Destination Unreachable with Code 4.
However, while constructing the ICMP header, it never sets the Next-Hop MTU field using icmpHdr.SetMTU(). As a result, the MTU remains 0.
The method to set it already exists. It just wasn’t being used.
What this change does
Result
Now, when a packet is too large and cannot be forwarded: