From: David Miller <davem@davemloft.net>
To: hannes@stressinduktion.org
Cc: johnwheffner@gmail.com, netdev@vger.kernel.org, eric.dumazet@gmail.com
Subject: Re: [PATCH net-next] ipv4: introduce ip_dst_mtu_secure and protect forwarding path against pmtu spoofing
Date: Thu, 19 Dec 2013 14:30:12 -0500 (EST)
Message-ID: <20131219.143012.205185984019527730.davem@davemloft.net>
In-Reply-To: <20131219121757.GD14429@order.stressinduktion.org>

From: Hannes Frederic Sowa <hannes@stressinduktion.org>
Date: Thu, 19 Dec 2013 13:17:57 +0100

> Networking software on the end system which wants to guard against
> that kind of fragmentation can do so by using the various knobs to
> limit pmtu notification processing or use IP_PMTUDISC_INTERFACE to
> protect itself from sending fragments.

And that's part of where my irritation is coming from.

Applications have to opt-in to this new socket option based behavior,
but you're making the routing thing default to on.

And even if we default it to off, someone is going to cry and tell all
the distributions to turn it on in /etc/sysctl.conf, just like they
did for rp_filter. And they will. I don't have the strength and time
to fight every person who makes these decisions at all the major
distributions to explain to each and every one of them how foolish it
would be.

No end host should have rp_filter on. It unnecessarily makes our
routing lookups much more expensive for zero gain on an end host. But
people convinced the distributions that turning it on everywhere by
default was a good idea and it stuck.

I don't want to create a carrot for that kind of situation again.