[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20150413.135348.461869719021663434.davem@davemloft.net>
Date: Mon, 13 Apr 2015 13:53:48 -0400 (EDT)
From: David Miller <davem@...emloft.net>
To: fw@...len.de
Cc: netdev@...r.kernel.org, kaber@...sh.net
Subject: Re: [PATCH -next 0/3] net: cap size to original frag size when
refragmenting
From: Florian Westphal <fw@...len.de>
Date: Sat, 11 Apr 2015 00:16:26 +0200
> This series alters ipv4 and ipv6 fragmentation to ensure that we do not
> increase the size of the original fragments when refragmenting.
>
> For IPv4, we only do this when DF bit was set on original fragments since
> path mtu discovery doesn't happen otherwise.
What really saddens me is that in my opinion the code was doing the
right thing prior to commit 6aafeef03b9d ("netfilter: push reasm skb
through instead of original frag skbs").
I would rather we investigate making the previous scheme work
properly.
Because then there is no ambiguity at all, you preserve on output
exactly what you had on input. The same geometry, the same
everything. No special checks, no max frag len, none of this crap.
Those are all hacks trying to work around the _fundamental_ issue
which is that we potentially change the thing when we refrag.
The commit in question claims that the "problem" is that if some of
the sub-frags don't match the same we have problems. Well that is so
easy to test for, and if such a test triggers take a slow path.
Netfilter should not ever change the geometry of a fragmented frame.
And the only way to do that is to maintain the fraglist of the
individual fragments through the netfilter stack.
The end result should be much faster than what we have now too.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists