Stop setting IPV6_MINMTU in ip6_send() which is used by the ICMP code.

Because of this large ping packets where fragmented even if the MTU did
not indicate the need for it. This causes some trouble when system do
not expect to receive a fragmented answer from a system. One such case
is the automated link test from google routers before allowing to establish
a BGP peering session with them. In general PMTU problems should be an
issue from the past and if not it may be better to also break on ping
packets and not only for UDP and TCP. ICMP ping is normaly the first
tool in the admins toolbox to figure out network issues.
OK phessler@ florian@ bluhm@

diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 7d76fa7..0c1c5ba 100644 (file)
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ip6_input.c,v 1.233 2021/04/30 13:52:48 bluhm Exp $   */
+/*     $OpenBSD: ip6_input.c,v 1.234 2021/05/17 10:09:53 claudio Exp $ */
 /*     $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $     */
 
 /*
@@ -1478,14 +1478,7 @@ ip6_send_dispatch(void *xmq)
 
        NET_LOCK();
        while ((m = ml_dequeue(&ml)) != NULL) {
-               /*
-                * To avoid a "too big" situation at an intermediate router and
-                * the path MTU discovery process, specify the IPV6_MINMTU
-                * flag.  Note that only echo and node information replies are
-                * affected, since the length of ICMP6 errors is limited to the
-                * minimum MTU.
-                */
-               ip6_output(m, NULL, NULL, IPV6_MINMTU, NULL, NULL);
+               ip6_output(m, NULL, NULL, 0, NULL, NULL);
        }
        NET_UNLOCK();
 }