| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1335346710.3274.24.camel@edumazet-glaptop> Date: Wed, 25 Apr 2012 11:38:30 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Tore Anderson <tore@....no> Cc: Maciej Żenczykowski <maze@...gle.com>, David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org>, Tom Herbert <therbert@...gle.com> Subject: Re: [PATCH net-next] ipv6: RTAX_FEATURE_ALLFRAG causes inefficient TCP segment sizing On Wed, 2012-04-25 at 11:20 +0200, Tore Anderson wrote: > * Maciej Żenczykowski > > >> But we chose to _not_ decrease mtu and adhere to the specs. > > > > I get that we _choose_ to behave such, and I agree this adheres to > > specs. > > "Chose" (past), not "choose" (present). ;-) > > This patch does not make this choice. This patch merely fixes a bug in > the implementation of the choice that was made a long time ago. > > > But I'm not convinced that (even though this is allowed per RFC) this > > is the right choice. > > That is a different issue entirely, but I don't disagree with you. A > "min_pmtu" sysctl or something like that would be useful. > > > Also note that IPv6 prefers to see fragmentation happen at the end > > hosts, and not at the routers. > > Although of course it doesn't treat a tunnel end point as a router. > > Actually, in IPv6, fragmentation *must* be performed by end hosts, > routers (including tunnel end points) *cannot* fragment. > > However, the use case for the allfrag feature is not handling tunnels, > but IPv4<->IPv6 translation. The issue is that a IPv6 host may very > well > receive an ICMPv6 Packet Too Big indicating a PMTU of <1280 that was > originally transmitted by an IPv4 router (as an ICMPv4 Need To > Fragment) > and underwent translation to IPv6. > > In this case, the IPv6 node does not need to reduce the PMTU to <1280 > (Linux does not), but it is not invalid to have a <1280 MTU link in the > IPv4 internet either, so something else must be done for the > communication to work. The solution is then to include the IPv6 > Fragment > extension header, so that the translator have a suitable Identification > value to copy into the translated IPv4 header, and may therefore clear > the Don't Fragment flag, so that the IPv4 router will fragment the > packet as it is forwarded onto the low-MTU link. > > In case you're interested, I have a slide deck below that explains the > use case for IPv4<->IPv6 translation. Slide 25 is about the particular > corner case where the allfrag feature is necessary. URL: > > http://fud.no/talks/20120417-RIPE64-The_Case_for_IPv6_Only_Data_Centres.pdf Hmm, but what if we change linux to choice a) instead of b) ? That is, not cap mtu to minimum value 1280 (and not use anymore RTAX_FEATURE_ALLFRAG) : dst_allfrag() would be always false. In this case, do we still need to send the frag header ? I ask this because some TSO6 implementations probably dont cope very well with this added header (untested path) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists