lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Dec 2009 02:17:31 +0100 From: Benoit PAPILLAULT <benoit.papillault@...e.fr> To: hadi@...erus.ca CC: Andrew Morton <akpm@...ux-foundation.org>, netdev@...r.kernel.org, bugzilla-daemon@...zilla.kernel.org, bugme-daemon@...zilla.kernel.org Subject: Re: [Bugme-new] [Bug 14837] New: gretap does not fragment IP packets jamal a écrit : > Sending back an ICMP is good behavior. Sending it "who knows" is not ;-> > Make sure it is sent to the originator of the packet. The originator of > the packet should play nice and reduce the path mtu. > > One work around is to reduce the gre device mtu to something less than > 1500B. > > cheers, > jamal > > > As I explained in my original message, the gre device MTU must be 1500 bytes (since it is used in an Ethernet bridge). To reproduce the problem, I did a very simple setup with two machines (A & B) connected with an Ethernet cable (so no router between them). On machine A : # ip link add gre0 type gretap local <A> remote <B> # ifconfig gre0 mtu 1500 # ifconfig gre0 192.192.192.1 up On machine B: # ip link add gre0 type gretap local <B> remote <A> # ifconfig gre0 mtu 1500 # ifconfig gre0 192.192.192.2 up On machine A: # ping 192.192.192.2 => working # ping -s 1434 192.192.192.2 => working, match a GRE packet of 1500 bytes # ping -s 1435 192.192.192.2 => not working, match a GRE packet of 1501 bytes (1435+8+20+38) # ping -s 1472 192.192.192.2 => not working, match an IP packet of 1500 bytes Doing a tcpdump on the machine (like tcpdump -pni any) shows that ICMP packets are simply dropped! Using tracepath 192.192.192.2, a tcpdump -pni lo shows : IP 192.192.192.1 > 192.192.192.1: ICMP 192.192.192.2 unreachable - need to frag (mtu 1500), length 556 Regards, Benoit -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists