Romain

Reputation: 107

Kernel code PMTU update with PBR rules on L4 ports

I am studying kernel routing code and notably PMTU management.

When sending a UDP packet (with the DF flag set), the kernel stack uses a flowi4 with the UDP sport and dport set for fib_lookup [1]. Consequently, if ip rule configurations based on L4 ports are present, we could have a different next-hop depending on the L4 ports of the routed packets.

When I receive an ICMP packet of type UNREACH FRAG_NEEDED, we go to the udp err_handler [2], and this function does a route lookup to retrieve the dst_entry of the next-hop that was used to output the original packet. However, this lookup is based on a flowi4 without sport and dport [3], so the returned dst_entry may not be the one that is used when sending the UDP packets, and so the PMTU update may not apply.

Am I right that there is a bug here, or am I missing something?

[1] https://elixir.bootlin.com/linux/v6.12/source/net/ipv4/udp.c#L1233

[2] https://elixir.bootlin.com/linux/v6.12/source/net/ipv4/udp.c#L771

[3] https://elixir.bootlin.com/linux/v6.12/source/net/ipv4/route.c#L1110

Upvotes: -1

Views: 31

Answers (1)

Ron Maupin

Reputation: 6452

The payload of the ICMP error message will contain the IP header and the first 64 bits of the original datagram. As RFC 792 (Internet Control Message Protocol) explains:

The internet header plus the first 64 bits of the original datagram's data. This data is used by the host to match the message to the appropriate process. If a higher level protocol uses port numbers, they are assumed to be in the first 64 data bits of the original datagram's data.

You need to dig a little deeper into the ICMP error datagram to see the original source and destination port numbers.

Upvotes: 0
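To make the answer concrete, here is an added C example (not part of the question or answer, and not kernel code) that builds a constructed ICMP Destination Unreachable / Fragmentation Needed message (type 3, code 4) for a hypothetical UDP datagram 192.0.2.1:40000 -> 198.51.100.7:53 with DF set, then parses it back the way a host would: it validates the ICMP checksum, reads the RFC 1191 next-hop MTU from the ICMP header, and recovers the original source/destination addresses, protocol and UDP ports from the quoted inner IP header plus first 64 bits of payload. The addresses, ports and MTU value are made up for the example; the inner IP header checksum is filled in but not verified by the parser, which is how hosts generally treat it.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Fields a host can recover from an ICMP type 3 / code 4 message. */
struct frag_needed {
    uint16_t next_hop_mtu;  /* RFC 1191 field, low 16 bits of the "unused" word */
    uint32_t inner_saddr;   /* original datagram's source address (host order) */
    uint32_t inner_daddr;   /* original datagram's destination address (host order) */
    uint8_t  inner_proto;   /* original datagram's protocol number */
    uint16_t sport;         /* original L4 source port (from the quoted 64 bits) */
    uint16_t dport;         /* original L4 destination port */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* RFC 1071 Internet checksum; returns 0 when run over a message whose
 * checksum field is already correct. */
static uint16_t inet_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += rd16(p);
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Parse an ICMP Fragmentation Needed message starting at the ICMP header.
 * Returns 0 on success, -1 if the message is not type 3 / code 4, fails
 * its checksum, or is too short to carry the inner header plus 64 bits. */
int parse_frag_needed(const uint8_t *icmp, size_t len, struct frag_needed *out)
{
    if (len < 8 || icmp[0] != 3 || icmp[1] != 4) return -1;
    if (inet_csum(icmp, len) != 0) return -1;        /* corrupted or forged */
    memset(out, 0, sizeof(*out));
    out->next_hop_mtu = rd16(icmp + 6);

    const uint8_t *inner = icmp + 8;                 /* quoted original datagram */
    size_t inner_len = len - 8;
    if (inner_len < 20 || (inner[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(inner[0] & 0x0f) * 4;
    if (ihl < 20 || inner_len < ihl + 8) return -1;  /* need header + 64 bits */

    out->inner_proto = inner[9];
    out->inner_saddr = rd32(inner + 12);
    out->inner_daddr = rd32(inner + 16);
    /* For UDP (and TCP) the first 64 bits of L4 data start with the ports. */
    out->sport = rd16(inner + ihl);
    out->dport = rd16(inner + ihl + 2);
    return 0;
}

/* Constructed sample: a 1500-byte UDP datagram 192.0.2.1:40000 -> 198.51.100.7:53
 * with DF set, rejected by a router whose next hop has an MTU of 1280.
 * Returns the ICMP message length written into buf, or 0 if buf is too small. */
size_t build_sample(uint8_t *buf, size_t cap)
{
    static const uint8_t inner[28] = {
        0x45, 0x00, 0x05, 0xdc,  /* IPv4, IHL 5, total length 1500 */
        0x12, 0x34, 0x40, 0x00,  /* id, flags = DF, fragment offset 0 */
        0x40, 0x11, 0x00, 0x00,  /* TTL 64, protocol 17 (UDP), header csum (filled below) */
        192, 0, 2, 1,            /* source 192.0.2.1 */
        198, 51, 100, 7,         /* destination 198.51.100.7 */
        0x9c, 0x40, 0x00, 0x35,  /* UDP sport 40000, dport 53 */
        0x05, 0xc8, 0x00, 0x00   /* UDP length 1480, UDP checksum (left zero) */
    };
    size_t total = 8 + sizeof inner;
    if (cap < total) return 0;
    buf[0] = 3; buf[1] = 4;      /* Destination Unreachable, Fragmentation Needed */
    buf[2] = buf[3] = 0;         /* ICMP checksum, computed last */
    buf[4] = buf[5] = 0;         /* unused */
    buf[6] = 0x05; buf[7] = 0x00;/* next-hop MTU 1280 */
    memcpy(buf + 8, inner, sizeof inner);
    uint16_t ipc = inet_csum(buf + 8, 20);           /* inner IP header checksum */
    buf[18] = (uint8_t)(ipc >> 8); buf[19] = (uint8_t)ipc;
    uint16_t c = inet_csum(buf, total);              /* ICMP checksum over everything */
    buf[2] = (uint8_t)(c >> 8); buf[3] = (uint8_t)c;
    return total;
}

/* Build the sample and parse it; returns parse_frag_needed's result. */
int demo(struct frag_needed *out)
{
    uint8_t buf[64];
    size_t n = build_sample(buf, sizeof buf);
    return n ? parse_frag_needed(buf, n, out) : -1;
}

int main(void)
{
    struct frag_needed f;
    if (demo(&f) != 0) { puts("parse failed"); return 1; }
    printf("proto %u  %u.%u.%u.%u:%u -> %u.%u.%u.%u:%u  next-hop MTU %u\n",
           f.inner_proto,
           f.inner_saddr >> 24, (f.inner_saddr >> 16) & 0xff, (f.inner_saddr >> 8) & 0xff, f.inner_saddr & 0xff, f.sport,
           f.inner_daddr >> 24, (f.inner_daddr >> 16) & 0xff, (f.inner_daddr >> 8) & 0xff, f.inner_daddr & 0xff, f.dport,
           f.next_hop_mtu);
    return 0;
}
```

The point for the question: the ports needed to repeat a port-aware fib_lookup are present in the error message, because RFC 792 guarantees the first 64 bits of the original payload, which for UDP are the whole 8-byte header. Whether the kernel's error path actually feeds them into its flowi4 is a separate matter, which is what the linked route.c lookup determines.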
