| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Oct 2020 08:55:48 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: David Ahern <dsahern@...il.com>
Cc: wenxu <wenxu@...oud.cn>, netdev@...r.kernel.org,
Stefano Brivio <sbrivio@...hat.com>,
David Ahern <dsahern@...nel.org>
Subject: Re: [PATCH net] ip_tunnel: fix over-mtu packet send fail without
TUNNEL_DONT_FRAGMENT flags
On Tue, 27 Oct 2020 08:51:07 -0600 David Ahern wrote:
> > Is this another incarnation of 4cb47a8644cc ("tunnels: PMTU discovery
> > support for directly bridged IP packets")? Sounds like non-UDP tunnels
> > need the same treatment to make PMTUD work.
> >
> > RFC2003 seems to clearly forbid ignoring the inner DF:
>
> I was looking at this patch Sunday night. To me it seems odd that
> packets flowing through the overlay affect decisions in the underlay
> which meant I agree with the proposed change.
The RFC was probably written before we invented terms like underlay
and overlay, and still considered tunneling to be an inefficient hack ;)
> ip_md_tunnel_xmit is inconsistent right now. tnl_update_pmtu is called
> based on the TUNNEL_DONT_FRAGMENT flag, so why let it be changed later
> based on the inner header? Or, if you agree with RFC 2003 and the DF
> should be propagated outer to inner, then it seems like the df reset
> needs to be moved up before the call to tnl_update_pmtu
Looks like TUNNEL_DONT_FRAGMENT is intended to switch between using
PMTU inside the tunnel or just the tunnel dev MTU. ICMP PTB is still
generated based on the inner headers.
We should be okay to add something like IFLA_GRE_IGNORE_DF to lwt,
but IMHO the default should not be violating the RFC.
Powered by blists - more mailing lists