From: Florian Westphal <fw@strlen.de>
To: Maxime Bizon <mbizon@freebox.fr>
Cc: Florian Westphal <fw@strlen.de>,
David Miller <davem@davemloft.net>,
netdev@vger.kernel.org, hannes@stressinduktion.org
Subject: Re: [PATCH -next, V3 0/2] net: force refragmentation for DF reassembed skbs
Date: Tue, 26 May 2015 16:50:07 +0200 [thread overview]
Message-ID: <20150526145007.GF7817@breakpoint.cc> (raw)
In-Reply-To: <1432634245.17881.57.camel@sakura.staff.proxad.net>
Maxime Bizon <mbizon@freebox.fr> wrote:
> On Fri, 2015-05-22 at 21:26 +0200, Florian Westphal wrote:
> > But it does happen, see e.g. following bug report:
> > http://marc.info/?l=linux-netdev&m=139870308431986&w=2
> >
> > Maxime, do you recall what type of traffic generates
> > the DF-fragments you reported?
>
> Yep
>
> We are an ISP and provide our own home gateway to the subscribers, which
> ends up routing traffic of a large range of end user devices.
>
> In that case, the frag+DF traffic was seen in an exchange between a
> femtocell and a femto GW during the IPsec IKE exchange, more precisely
> on the IKE_AUTH message sent from the femto GW.
Thanks, so it seems its used to push udp frag/defrag operation to end
hosts.
> You can contact me privately if you need more details.
Its enough for me to know that this isn't random fluke, thanks.
Dave, if you disagree, one possibility would be to strip DF bit on
defrag/refrag when forwarding.
However, I think that we should respect end host "wish", i.e. reject too
big df fragment and also re-set DF on refrag so we don't conceal lower
mtu in the network.
Thanks,
Florian
next prev parent reply other threads:[~2015-05-26 14:50 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-22 14:32 [PATCH -next, V3 0/2] net: force refragmentation for DF reassembed skbs Florian Westphal
2015-05-22 14:32 ` [PATCH -next 1/2] net: ipv4: avoid repeated calls to ip_skb_dst_mtu helper Florian Westphal
2015-05-22 14:43 ` Hannes Frederic Sowa
2015-05-22 14:32 ` [PATCH -next 2/2] ip_fragment: don't forward defragmented DF packet Florian Westphal
2015-05-22 14:45 ` Hannes Frederic Sowa
2015-05-22 19:03 ` [PATCH -next, V3 0/2] net: force refragmentation for DF reassembed skbs David Miller
2015-05-22 19:26 ` Florian Westphal
2015-05-26 9:57 ` Maxime Bizon
2015-05-26 14:50 ` Florian Westphal [this message]
2015-05-22 22:52 ` Hannes Frederic Sowa
2015-05-27 17:04 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150526145007.GF7817@breakpoint.cc \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=hannes@stressinduktion.org \
--cc=mbizon@freebox.fr \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).