From: Andy Zhou <azhou@nicira.com>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, Andy Zhou <azhou@nicira.com>
Subject: [net-next fragmentation icmp v4 0/4] fragmentation ICMP
Date: Wed, 13 May 2015 19:27:58 -0700 [thread overview]
Message-ID: <1431570482-9236-1-git-send-email-azhou@nicira.com> (raw)
Currently, we send ICMP packets when errors occur during fragmentation or
de-fragmentation. However, it is a bug when sending those ICMP packets
in the context of using netfilter for bridging.
Those ICMP packets are only expected in the context of routing, not in
bridging mode.
The local stack is not involved in bridging forward decisions, thus
should be not used for deciding the reverse path for those ICMP messages.
This bug only affects IPV4, not in IPv6.
---
v1->v2: restructure the patches into two patches that fix defragmentation and
fragmentation respectively.
A bit is add in IPCB to control whether ICMP packet should be
generated for defragmentation.
Fragmentation ICMP is now removed by restructuring the
ip_fragment() API.
v2->v3: Add droping icmp for bridging contrack users
drop exporting ip_fragment() API.
v3->v4: Remove unnecessary parentheses in 'return' statements
Andy Zhou (4):
ipv4: introduce frag_expire_skip_icmp()
IPv4: skip ICMP for bridge contrack users when defrag expires
bridge_netfilter: No ICMP packet on IPv4 defragmentation timeout
bridge_netfilter: No ICMP packet on IPv4 fragmentation error
include/net/inet_frag.h | 4 +++-
include/net/ip.h | 15 +++++++++++++--
net/bridge/br_netfilter.c | 26 +++++++++++++++++++++++++-
net/ipv4/ip_fragment.c | 25 ++++++++++++++++++++-----
net/ipv4/ip_output.c | 40 ++++++++++++++++++++++++++++------------
5 files changed, 89 insertions(+), 21 deletions(-)
--
1.9.1
next reply other threads:[~2015-05-14 2:49 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-14 2:27 Andy Zhou [this message]
2015-05-14 2:27 ` [net-next fragmentation icmp v4 1/4] ipv4: introduce frag_expire_skip_icmp() Andy Zhou
2015-05-14 2:28 ` [net-next fragmentation icmp v4 2/4] IPv4: skip ICMP for bridge contrack users when defrag expires Andy Zhou
2015-05-14 2:28 ` [net-next fragmentation icmp v4 3/4] bridge_netfilter: No ICMP packet on IPv4 defragmentation timeout Andy Zhou
2015-05-14 8:59 ` Florian Westphal
2015-05-14 19:54 ` Andy Zhou
2015-05-14 21:42 ` David Miller
2015-05-15 4:21 ` Andy Zhou
2015-05-14 2:28 ` [net-next fragmentation icmp v4 4/4] bridge_netfilter: No ICMP packet on IPv4 fragmentation error Andy Zhou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1431570482-9236-1-git-send-email-azhou@nicira.com \
--to=azhou@nicira.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).