Message-ID: <4B2ECCAB.8010702@free.fr>
Date:	Mon, 21 Dec 2009 02:17:31 +0100
From:	Benoit PAPILLAULT <benoit.papillault@...e.fr>
To:	hadi@...erus.ca
CC:	Andrew Morton <akpm@...ux-foundation.org>, netdev@...r.kernel.org,
	bugzilla-daemon@...zilla.kernel.org,
	bugme-daemon@...zilla.kernel.org
Subject: Re: [Bugme-new] [Bug 14837] New: gretap does not fragment IP packets

jamal wrote:
> Sending back an ICMP is good behavior. Sending it "who knows" is not ;->
> Make sure it is sent to the originator of the packet. The originator of
> the packet should play nice and reduce the path mtu.
>
> One work around is to reduce the gre device mtu to something less than
> 1500B.
>
> cheers,
> jamal
>
>
>   
As I explained in my original message, the gre device MTU must be 1500 
bytes (since it is used in an Ethernet bridge). To reproduce the 
problem, I did a very simple setup with two machines (A & B) connected 
with an Ethernet cable (so no router between them).

On machine A:
# ip link add gre0 type gretap local <A> remote <B>
# ifconfig gre0 mtu 1500
# ifconfig gre0 192.192.192.1 up

On machine B:
# ip link add gre0 type gretap local <B> remote <A>
# ifconfig gre0 mtu 1500
# ifconfig gre0 192.192.192.2 up

On machine A:
# ping 192.192.192.2 => working
# ping -s 1434 192.192.192.2 => working, match a GRE packet of 1500 bytes
# ping -s 1435 192.192.192.2 => not working, match a GRE packet of 1501 
bytes (1435+8+20+38)
# ping -s 1472 192.192.192.2 => not working, match an IP packet of 1500 
bytes


Doing a tcpdump on the machine (like tcpdump -pni any) shows that ICMP 
packets are simply dropped!

Using tracepath 192.192.192.2, a tcpdump -pni lo shows :
IP 192.192.192.1 > 192.192.192.1: ICMP 192.192.192.2 unreachable - need 
to frag (mtu 1500), length 556

Regards,
Benoit
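
Added example, not part of the original message: a byte-level reconstruction of the gretap encapsulation behind the sizes quoted above (1434 -> 1500, 1435 -> 1501). It assumes the 38 bytes of overhead are a 20-byte outer IPv4 header, a 4-byte base GRE header (no key, checksum or sequence number) and the 14-byte inner Ethernet header; the outer addresses 10.0.0.1/10.0.0.2 are constructed stand-ins for <A> and <B>, and checksums are left at zero because only the layout and lengths matter here.

```python
import struct

OUTER_IP_HDR = 20        # outer IPv4 header, no options
GRE_HDR = 4              # base GRE header only (assumption: no key/csum/seq)
INNER_ETH_HDR = 14       # Ethernet header of the bridged frame
INNER_IP_HDR = 20        # inner IPv4 header, no options
ICMP_HDR = 8             # ICMP echo header
GRE_PROTO_TEB = 0x6558   # Transparent Ethernet Bridging, used by gretap


def ipv4_header(total_len, proto, src, dst):
    """Minimal 20-byte IPv4 header; checksum left at 0 (sizes only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0,
                       64, proto, 0, bytes(src), bytes(dst))


def gretap_packet(ping_size):
    """Outer IPv4 packet that carries one echo request sent with `ping -s ping_size`."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + bytes(ping_size)
    inner_ip = ipv4_header(INNER_IP_HDR + len(icmp), 1,
                           (192, 192, 192, 1), (192, 192, 192, 2)) + icmp
    # Inner Ethernet frame: zeroed MAC addresses, EtherType IPv4.
    frame = bytes(12) + struct.pack("!H", 0x0800) + inner_ip
    gre = struct.pack("!HH", 0, GRE_PROTO_TEB) + frame
    # Constructed underlay addresses standing in for <A> and <B>.
    outer = ipv4_header(OUTER_IP_HDR + len(gre), 47, (10, 0, 0, 1), (10, 0, 0, 2))
    return outer + gre


def max_ping_size(underlay_mtu=1500):
    """Largest `ping -s` value whose encapsulated packet fits the underlay MTU."""
    return (underlay_mtu - OUTER_IP_HDR - GRE_HDR - INNER_ETH_HDR
            - INNER_IP_HDR - ICMP_HDR)


def report(sizes=(1434, 1435, 1472), underlay_mtu=1500):
    """(ping size, inner IP length, outer IP length, fits underlay MTU) per size."""
    rows = []
    for s in sizes:
        outer_len = len(gretap_packet(s))
        rows.append((s, s + ICMP_HDR + INNER_IP_HDR, outer_len,
                     outer_len <= underlay_mtu))
    return rows


if __name__ == "__main__":
    for row in report():
        print("ping -s %d: inner IP %d, outer IP %d, fits=%s" % row)
    print("largest ping -s that fits:", max_ping_size())
```
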