lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 11 Jan 2019 14:13:01 +0100
From:   Fredrik Gustavsson <>
To:     Toshiaki Makita <>
Cc:     netdev <>,
        David Miller <>,
        Daniel Borkmann <>
Subject: Re: [PATCH v1 1/1] veth: Do not drop packets larger then the mtu set
 on the receiving side

Den fre 11 jan. 2019 kl 05:23 skrev Toshiaki Makita
> On 2019/01/10 22:26, Fredrik Gustavsson wrote:
> > commit affede4a779420bd8510ab937251a3796d3228df
> > Author: Fredrik Gustavsson <>
> > Date:   Tue Jan 8 11:21:39 2019 +0100
> >
> > veth: Do not drop packets larger then the mtu set on the receiving side
> >
> > Currently veth drops all packets larger then the mtu set on the receiving
> > end of the pair. This is inconsistent with most hardware ethernet drivers
> > that happily receives packets up the the ethernet MTU independent of the
> > configured MTU.
> >
> > There should not be a need for dropping IP packets at receiver with
> > size > configured IP MTU, IP MTU is for fragmentation at sender side.
> > And IP packets with size > receiver L2 MTU will be dropped at sub-IP layer.
> But with current veth behavior setting MTU effectively sets MRU as well.
> This may be being used to drop unexpectedly long packets e.g. from
> containers on container host. If we unconditionally change this behavior
> it can cause regression on some environment. This should be an option at
> least.
> BTW there was a similar precedent attempt. You might want to take a look.
> --
> Toshiaki Makita
Good argument, but do you agree that it shouldn't be working like it
does? But not sure if such a case would exist but breaking
compatitbility have been discussed in other threads. So your saying
that people have actually used it as a receiving limit for IP packets?

Nice that you found that older thread it is also availble here:
Were I thought the ending argument was that if it shouldn't be dropped
don't drop it. And that introducing a MRU parameter was just making
things more complicated. But for my use case either way would work.

Powered by blists - more mailing lists