| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 May 2020 16:19:45 -0700
From: Maciej Żenczykowski <zenczykowski@...il.com>
To: David Miller <davem@...emloft.net>
Cc: Linux NetDev <netdev@...r.kernel.org>,
Eric Dumazet <edumazet@...gle.com>,
Willem de Bruijn <willemb@...gle.com>,
Xin Long <lucien.xin@...il.com>,
Hannes Frederic Sowa <hannes@...essinduktion.org>
Subject: Re: [PATCH] Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu"
> It's local system policy, how do I react to packets. If it doesn't
> violate the min/max limits for ipv6 packets it emits onto the internet
> I don't see this as something that can be seen as mandatory.
And if you *truly* do want to violate internet standards you can
indeed already achieve this behaviour by dropping incoming icmpv6
packet too big errors (and there's lots of reasons why that is a bad
idea...).
I'll repeat what I said previously: this is a userspace visible
regression in behaviour, of none or very questionable benefit.
It results in TCP over IPv6 simply not working to destinations to
which your locked mtu is higher then the real path mtu. This is why
'locked mtu' on IPv4 turns of the Don't Fragment bit - to allow
fragmentation at intermediate routers. There is no such thing in
IPv6.
There is no DF bit, and there is no router fragmentation - all ipv6
fragmentation is supposed to happen at the source host.
This is why hosts must either use 1280 min guaranteed mtu or be
responsive to pmtu errors. Otherwise things simply don't work.
Powered by blists - more mailing lists