From: Maxime Bizon <mbizon@freebox.fr>
To: Patrick McHardy <kaber@trash.net>, Eric Dumazet <edumazet@google.com>
Cc: davem@davemloft.net, netdev <netdev@vger.kernel.org>
Subject: problem forwarding IP fragments with DF bit set (caused by ipv4: fix path MTU discovery with connection tracking)
Date: Mon, 28 Apr 2014 18:37:36 +0200 [thread overview]
Message-ID: <1398703056.12635.41.camel@sakura.staff.proxad.net> (raw)
Hello Patrick & Eric,
After upgrading a router with a kernel that has patch 5f2d04f1f9 (ipv4:
fix path MTU discovery with connection tracking), some packets are not
forwarded anymore.
(note: kernel is 3.11.10, and conntrack is enabled)
Offending packets are IP fragments with DF bit set, MTU is the same on
both interfaces involved in forwarding. All received fragments are
(obviously) below MTU. The resulting packet after re-assembly is however
above MTU.
conntrack causes the packets to be re-assembled, but since the resulting
skb now has IP_DF set, it fails the (DF + MTU) test in ip_forward.c and
causes ICMP frag_needed to be sent.
Without the patch, the packet was (re-)fragmented in the output path
(but as the patch says, breaking PMTUD because original fragment size is
not considered).
--
Maxime
next reply other threads:[~2014-04-28 16:37 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-28 16:37 Maxime Bizon [this message]
2014-04-28 17:59 ` problem forwarding IP fragments with DF bit set (caused by ipv4: fix path MTU discovery with connection tracking) Maxime Bizon
2014-04-29 14:35 ` Patrick McHardy
2014-04-29 14:33 ` Patrick McHardy
2014-04-29 14:42 ` Maxime Bizon
2014-04-29 14:45 ` Patrick McHardy
2014-04-29 15:23 ` Maxime Bizon
2014-04-29 15:37 ` Eric Dumazet
2014-04-29 20:13 ` Florian Westphal
2014-04-30 14:34 ` Maxime Bizon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1398703056.12635.41.camel@sakura.staff.proxad.net \
--to=mbizon@freebox.fr \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).