| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 31 Mar 2015 22:35:48 +0200 From: Hannes Frederic Sowa <hannes@...essinduktion.org> To: David Miller <davem@...emloft.net>, klamm@...dex-team.ru Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v3] net: sysctl for RA default route MTU On Tue, Mar 31, 2015, at 22:05, David Miller wrote: > From: Roman Gushchin <klamm@...dex-team.ru> > Date: Mon, 30 Mar 2015 15:30:57 +0300 > > > This patch introduces new ipv6 sysctl: ra_default_route_mtu. > > If it's set (> 0), it defines per-route MTU for any new default route > > received by RA. > > > > This sysctl will help in the following configuration: we want to use > > jumbo-frames for internal networks and default ethernet frames for > > default route. Per-route MTU can only lower per-link MTU, so link MTU > > should be set to ~9000 (statically or via RA). > > > > Due to dynamic nature of RA, setting MTU for default route will require > > userspace agent, that will monitor changes of default route > > and (re)configure it. Not simple. The suggested sysctl solves this > > problem. > > > > Signed-off-by: Roman Gushchin <klamm@...dex-team.ru> > > Acked-by: Hannes Frederic Sowa <hannes@...essinduktion.org> > > I don't like this change at all. The way I see things you already > have the mechanisms necessary to do this. This is totally understandable and the change seems not to fit because it alters incoming information, but I try to quickly explain my reasoning for the Ack: Neighbour Discovery does not fit the way how linux handles MTUs. It is only possible to send out one MTU option on the Router Advertisement and we pick it up as the ipv6 MTU value for the interface. A RA can provide further routing information but no MTU option is possible to be specified on those route options, thus they will adapt the link MTU. There is no differentiation between interface MTU and per-route MTU. One common setup is to have local jumbo frames to speed up e.g. NFS traffic and use default routes with MTU 1500 to reach the outside world. As I had no other idea how to solve this with in-kernel autoconf mechanism I thought this change would be reasonable. Obviously one can disable autoconf and set up routes by hand with correct MTU values which should solve the problem - or use custom DHCPv6 options to do so. > You obviously control the entity providing the default routes and > these RA messages, therefore you absolutely can configure it to > provide an appropriate MTU value in those RA messages. > > Problem solved, and no kernel changes necessary. > > I am warning you ahead of time that I will have a very low tolerance > for replies to this email containing stories explaining why this is > "difficult" to do. The fact is that the mechanism is there and if you > have designed things at your site in a way such that the mechanism > designed for this has become less useful, that isn't my problem. > > I'm not adding facilities that duplicated existing methods that > already exist to accomplish this task. Could you quickly comment on what you had in mind? I guess it is about handling RA in user space on the end hosts and overwriting MTU during insertion of the routes? Thanks, Hannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists