From: Patrick McHardy <kaber@trash.net>
To: Jiri Olsa <jolsa@redhat.com>
Cc: netdev@vger.kernel.org,
Netfilter Developer Mailing List
<netfilter-devel@vger.kernel.org>
Subject: Re: no reassembly for outgoing packets on RAW socket
Date: Thu, 10 Jun 2010 12:04:56 +0200
Message-ID: <4C10B8C8.2050201@trash.net>
In-Reply-To: <20100610095312.GC1915@jolsa.lab.eng.brq.redhat.com>

Jiri Olsa wrote:
> On Thu, Jun 10, 2010 at 11:14:04AM +0200, Patrick McHardy wrote:
>
>> Jiri Olsa wrote:
>>
>>> On Wed, Jun 09, 2010 at 04:16:42PM +0200, Patrick McHardy wrote:
>>>
>>>
>>>>> If this is not the way, I'd appreciate any hint.. my goal is
>>>>> to put malformed packet on the wire (more frags bit set for a
>>>>> non fragmented packet)
>>>>>
>>>>>
>>>> I don't have any good suggestions besides adding a flag to the IPCB
>>>> and skipping defragmentation based on that.
>>>>
>>>>
>>> ok,
>>>
>>> I can see a way when I set this via setsockopt to the socket,
>>> and check the value before the defragmentation.. would such a new
>>> setsock option be acceptable?
>>>
>>> I'm not sure I can see a way via IPCB, AFAICS it's for skb bound flags
>>> which arise during the skb processing.
>>>
>>>
>> Yes, a socket option is basically what I was suggesting, using the
>> IPCB to mark the packet. But just marking the socket is fine of
>> course.
>>
>>
>>
>
> one last thought before the socket option.. :)
>
> there's IP_HDRINCL option which is enabled for RAW sockets
> (can be disabled later by setsockopt)
>
> The 'man 7 ip' says:
> "the user supplies an IP header in front of the user data"
>
> but does not mention the outgoing defragmentation.
>
> It kind of looks to me more appropriate to preserve the user supplied
> IP header.. moreover if there's a way to switch this off and have
> netfilter defragmentation + connection tracking for RAW socket.
>
> please check the following patch..
> (there's no special need for the IPSKB_NODEFRAG, it could check the
> socket->hdrincl flag directly..)
>
> thoughts?

My main concern is that users might expect netfilter to properly
track fragmented packets created using IP_HDRINCL.