net: Don't drop route cache entry in ipv4_negative_advice unless PTMU expired

Message ID
State Accepted, archived
Delegated to: David Miller
Headers show

Commit Message

Guenter Roeck March 19, 2010, 2:41 p.m.
TCP sessions over IPv4 can get stuck if routers between endpoints
do not fragment packets but implement PMTU instead.

Setup is as follows

       MTU1    MTU2   MTU1

with MTU1 > MTU2. A and D are endpoints, B and C are routers. B and C
implement PMTU and drop packets larger than MTU2 (for example because
DF is set on all packets). TCP sessions are initiated between A and D.
There is packet loss between A and D, causing frequent TCP retransmits.

After the number of retransmits on a TCP session reaches tcp_retries1,
tcp calls dst_negative_advice() prior to each retransmit. This results
in route cache entries for the peer to be deleted in ipv4_negative_advice()
if the Path MTU is set.

If the outstanding data on an affected TCP session is larger than MTU2, packets
sent from the endpoints will be dropped by B or C, and ICMP NEEDFRAG will be
returned. A and D receive NEEDFRAG messages and update PMTU.

Before the next retransmit, tcp will again call dst_negative_advice(), causing
the route cache entry (with correct PMTU) to be deleted. The retransmitted
packet will be larger than MTU2, causing it to be dropped again.

This sequence repeats until the TCP session aborts or is terminated.

Problem is fixed by removing route cache entries in ipv4_negative_advice()
only if the PMTU is expired.

Signed-off-by: Guenter Roeck <>
 net/ipv4/route.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)


David Miller March 22, 2010, 3:53 a.m. | #1
From: Guenter Roeck <>
Date: Fri, 19 Mar 2010 07:41:13 -0700

> TCP sessions over IPv4 can get stuck if routers between endpoints
> do not fragment packets but implement PMTU instead.

This bug actually only applies to a much more specific case.

It only occurs when the router we end up using is the result of
receiving a redirect to it.

If we use the configured route, and do not get redirected, the problem
never happens.

In any case, your patch is correct, and I'll add some clarification to
the commit message when I check this in.

Thanks a lot!
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at


diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index d9b4024..7e1c9e4 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1512,7 +1512,8 @@  static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
 			ret = NULL;
 		} else if ((rt->rt_flags & RTCF_REDIRECTED) ||
-			   rt->u.dst.expires) {
+			   (rt->u.dst.expires &&
+			    time_after_eq(jiffies, rt->u.dst.expires))) {
 			unsigned hash = rt_hash(rt->fl.fl4_dst, rt->fl.fl4_src,