lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87bpc11xyw.fsf@basil.nowhere.org>
Date:	Thu, 27 May 2010 11:43:35 +0200
From:	Andi Kleen <andi@...stfloor.org>
To:	"Vincent\, Pradeep" <pradeepv@...zon.com>
Cc:	"netdev\@vger.kernel.org" <netdev@...r.kernel.org>
Subject: Re: UDP Fragmentation and DF bit..

"Vincent, Pradeep" <pradeepv@...zon.com> writes:

> OMan 7 ip¹ declares that ³The  system-wide  default  is  controlled  by  the
> ip_no_pmtu_disc  sysctl  for SOCK_STREAM  sockets,  and  disabled  on all
> others.² which led me to think ODF¹ bit will not be set for UDP packets.
> But..

One should add ip.7 is not really a spec, just documentation
how things were quite a few years ago. It unfortunately
does often not get updated when things change.

>
> In a network environment where MTU-big and MTU-small co-exist (and have
> router¹s fragmentation turned off in favor of PMTU discovery), UDP packets
> that are > MTU-small and < MTU-big find the PMTU effectively but UDP
> packets


I don't understand your mtu-small/big concept. PMTU is per IP and per
flow. So there's only always a single PMTU, not small and big.

Or do you refer to a single IP NAT situation where a single IP
shares different MTUs?

> Is there a reason ODF¹ bit cannot be set on fragmented packets on UDP
> transmission ? I couldn¹t find anything in RFC for IP protocol that
> prohibited DF bit on fragmented packets. Did I miss
> something here ?

> Would it be reasonable if PMTU discovery is performed (DF bit set +
> appropriate icmp logic) even for locally fragmented packets ? I think
> this


DF=1 on fragments would mean the application has to do pmtu discovery
even with fragments for the case when the kernel does not know 
the path mtu yet. But if the app supports pmtu discovery it's better
to not use fragments in the first place.

-Andi

-- 
ak@...ux.intel.com -- Speaking for myself only.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ