From: Patrick McHardy <kaber@trash.net>
To: Jiri Pirko <jiri@resnulli.us>
Cc: Florian Westphal <fw@strlen.de>,
netdev@vger.kernel.org, davem@davemloft.net, pablo@netfilter.org,
netfilter-devel@vger.kernel.org, yoshfuji@linux-ipv6.org,
kadlec@blackhole.kfki.hu, mleitner@redhat.com,
kuznet@ms2.inr.ac.ru, jmorris@namei.org, wensong@linux-vs.org,
horms@verge.net.au, ja@ssi.bg, edumazet@google.com,
pshelar@nicira.com, jasowang@redhat.com,
alexander.h.duyck@intel.com, coreteam@netfilter.org
Subject: Re: [patch net-next 2/3] netfilter: ip6_tables: use reasm skb for matching
Date: Wed, 6 Nov 2013 14:51:04 +0000 [thread overview]
Message-ID: <20131106145104.GA18406@macbook.localnet> (raw)
In-Reply-To: <20131106144453.GD2458@minipsycho.orion>
On Wed, Nov 06, 2013 at 03:44:53PM +0100, Jiri Pirko wrote:
> Wed, Nov 06, 2013 at 03:33:49PM CET, fw@strlen.de wrote:
> >Jiri Pirko <jiri@resnulli.us> wrote:
> >> >> >So if someone wants to change this, simply *only* pass the reassembled
> >> >> >packet through the netfilter hooks and drop the fragments, as in IPv4.
> >> >>
> >> >> This is unfortunatelly not possible because in forwarding use case, the
> >> >> fragments have to be send out as they come in.
> >> >
> >> >No, the IPv6 NAT patches fixed that, we still do proper refragmentation
> >> >and we still respect the original fragment sizes, thus are not responsible
> >> >for potentially exceeding the PMTU on the following path.
> >>
> >> Can you please point where this is done. Where the original fragment
> >> sizes are stored and in which code are they restored? Thanks.
> >
> >Patrick is probably talking about
> >
> >commit 4cdd34084d539c758d00c5dc7bf95db2e4f2bc70
> >(netfilter: nf_conntrack_ipv6: improve fragmentation handling)
> >which introduces 'frag_max_size' in inet6_skb_parm struct.
Indeed.
> Thanks for the pointer. Interestingly though, according to my testing,
> if reassembled packet would fit into outdev mtu, it is not fragmented
> to the original frag size and it is send as single big packet. That is
> I believe not correct.
Hmm right, that wasn't the intention. We currently only use frag_max_size
to send PKT_TOOBIG messages if the size exceeds the MTU, but not to trigger
fragmentation itself.
We probably need to handle this in ip6_finish_output(). Would you mind
fixing this up as well in your patches?
next prev parent reply other threads:[~2013-11-06 14:51 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-05 11:02 [patch net-next 0/3] couple of reasm fixes Jiri Pirko
2013-11-05 11:02 ` [patch net-next 1/3] move skb_nfct_reasm into skbuff.h Jiri Pirko
2013-11-05 11:50 ` Marcelo Ricardo Leitner
2013-11-06 1:00 ` Simon Horman
2013-11-05 11:02 ` [patch net-next 2/3] netfilter: ip6_tables: use reasm skb for matching Jiri Pirko
2013-11-05 11:50 ` Marcelo Ricardo Leitner
2013-11-05 13:32 ` Florian Westphal
2013-11-05 13:41 ` Patrick McHardy
2013-11-05 15:01 ` Jiri Pirko
2013-11-05 15:39 ` Florian Westphal
2013-11-05 18:19 ` Patrick McHardy
2013-11-05 18:21 ` Jiri Pirko
2013-11-05 18:16 ` Patrick McHardy
2013-11-05 20:55 ` Jiri Pirko
2013-11-05 22:02 ` Patrick McHardy
2013-11-06 14:18 ` Jiri Pirko
2013-11-06 14:33 ` Florian Westphal
2013-11-06 14:44 ` Jiri Pirko
2013-11-06 14:51 ` Patrick McHardy [this message]
2013-11-06 15:29 ` Jiri Pirko
2013-11-06 16:12 ` Eric Dumazet
2013-11-05 11:02 ` [patch net-next 3/3] fix skb_morph to preserve skb->sk and skb->destructor pointers Jiri Pirko
2013-11-05 11:50 ` Marcelo Ricardo Leitner
2013-11-05 14:06 ` Eric Dumazet
2013-11-05 14:47 ` Jiri Pirko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131106145104.GA18406@macbook.localnet \
--to=kaber@trash.net \
--cc=alexander.h.duyck@intel.com \
--cc=coreteam@netfilter.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=horms@verge.net.au \
--cc=ja@ssi.bg \
--cc=jasowang@redhat.com \
--cc=jiri@resnulli.us \
--cc=jmorris@namei.org \
--cc=kadlec@blackhole.kfki.hu \
--cc=kuznet@ms2.inr.ac.ru \
--cc=mleitner@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=pshelar@nicira.com \
--cc=wensong@linux-vs.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.