| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Apr 2014 15:35:14 +0100
From: Patrick McHardy <kaber@...sh.net>
To: Maxime Bizon <mbizon@...ebox.fr>
Cc: Eric Dumazet <edumazet@...gle.com>, davem@...emloft.net,
netdev <netdev@...r.kernel.org>
Subject: Re: problem forwarding IP fragments with DF bit set (caused by ipv4:
fix path MTU discovery with connection tracking)
On Mon, Apr 28, 2014 at 07:59:40PM +0200, Maxime Bizon wrote:
>
> On Mon, 2014-04-28 at 18:37 +0200, Maxime Bizon wrote:
> >
> > conntrack causes the packets to be re-assembled, but since the
> > resulting skb now has IP_DF set, it fails the (DF + MTU) test in
> > ip_forward.c and causes ICMP frag_needed to be sent.
>
> hum isn't it just a matter of doing this ?
But why should we do this? The entire point of the patch was to fix PMTUD.
> --- a/net/ipv4/ip_fragment.c
> +++ b/net/ipv4/ip_fragment.c
> @@ -493,6 +493,8 @@ found:
> skb->len + ihl > qp->q.max_size)
> qp->q.max_size = skb->len + ihl;
>
> + skb->local_df = 1;
> +
> if (qp->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
> qp->q.meat == qp->q.len) {
> unsigned long orefdst = skb->_skb_refdst;
>
>
> --
> Maxime
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists