From: John Heffner <jheffner@psc.edu>
To: Patrick McHardy <kaber@trash.net>
Cc: David Miller <davem@davemloft.net>, netdev@vger.kernel.org
Subject: Re: [PATCH 1/3] [NET] Do pmtu check in transport layer
Date: Mon, 09 Apr 2007 12:23:50 -0400 [thread overview]
Message-ID: <461A6896.1050308@psc.edu> (raw)
In-Reply-To: <4619FBEE.70103@trash.net>
Patrick McHardy wrote:
> John Heffner wrote:
>> Check the pmtu check at the transport layer (for UDP, ICMP and raw), and
>> send a local error if socket is PMTUDISC_DO and packet is too big. This is
>> actually a pure bugfix for ipv6. For ipv4, it allows us to do pmtu checks
>> in the same way as for ipv6.
>>
>> diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
>> index d096332..593acf7 100644
>> --- a/net/ipv4/ip_output.c
>> +++ b/net/ipv4/ip_output.c
>> @@ -822,7 +822,9 @@ int ip_append_data(struct sock *sk,
>> fragheaderlen = sizeof(struct iphdr) + (opt ? opt->optlen : 0);
>> maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen;
>>
>> - if (inet->cork.length + length > 0xFFFF - fragheaderlen) {
>> + if (inet->cork.length + length > 0xFFFF - fragheaderlen ||
>> + (inet->pmtudisc >= IP_PMTUDISC_DO &&
>> + inet->cork.length + length > mtu)) {
>> ip_local_error(sk, EMSGSIZE, rt->rt_dst, inet->dport, mtu-exthdrlen);
>> return -EMSGSIZE;
>> }
>
>
> This makes ping report an incorrect MTU when IPsec is used since we're
> only accounting for the additional header_len, not the trailer_len
> (which is not easily changeable). Additionally it will report different
> MTUs for the first and following fragments when the socket is corked
> because only the first fragment includes the header_len. It also can't
> deal with things like NAT and routing by fwmark that change the route.
> The old behaviour was that we get an ICMP frag. required with the MTU
> of the final route, while this will always report the MTU of the
> initially chosen route.
>
> For all these reasons I think it should be reverted to the old
> behaviour.
You're right, this is no good. I think the other problems are fixable,
but NAT really screws this.
Unfortunately, there is still a real problem with ipv6, in that the
output side does not generate a packet too big ICMP like ipv4. Also, it
feels kind of undesirable be rely on local ICMP instead of direct error
message delivery. I'll try to generate a new patch.
Thanks,
-John
next prev parent reply other threads:[~2007-04-09 16:28 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-24 0:06 [PATCH 1/3] [NET] Do pmtu check in transport layer John Heffner
2007-03-24 0:06 ` [PATCH 2/3] [NET] Move DF check to ip_forward John Heffner
2007-03-24 0:06 ` [PATCH 3/3] [NET] Add IP(V6)_PMTUDISC_RPOBE John Heffner
2007-03-25 4:23 ` David Miller
2007-03-27 14:18 ` Andi Kleen
[not found] ` <4609640D.7010709@psc.edu>
[not found] ` <20070327193115.GA28138@one.firstfloor.org>
2007-03-27 19:52 ` [PATCH] ip(7) IP_PMTUDISC_PROBE John Heffner
2007-04-08 18:08 ` Michael Kerrisk
2007-03-25 4:17 ` [PATCH 2/3] [NET] Move DF check to ip_forward David Miller
2007-03-25 13:37 ` [NET]: Fix breakage, use ip_hdr() for DF check in ip_forward Thomas Graf
2007-03-25 20:27 ` David Miller
2007-03-25 4:14 ` [PATCH 1/3] [NET] Do pmtu check in transport layer David Miller
2007-04-09 8:40 ` Patrick McHardy
2007-04-09 16:23 ` John Heffner [this message]
2007-04-09 16:40 ` Patrick McHardy
2007-04-19 1:07 ` [PATCH 0/0] Re-try changes for PMTUDISC_PROBE John Heffner
2007-04-20 22:55 ` David Miller
2007-04-19 1:07 ` [PATCH] Revert "[NET] Add IP(V6)_PMTUDISC_RPOBE" John Heffner
2007-04-19 1:07 ` [PATCH] Revert "[NET] Do pmtu check in transport layer" John Heffner
2007-04-19 1:07 ` [PATCH] [NET] MTU discovery check in ip6_fragment() John Heffner
2007-04-19 1:07 ` [PATCH] [NET] Add IP(V6)_PMTUDISC_RPOBE John Heffner
2007-04-19 1:11 ` John Heffner
2007-04-19 1:25 ` David Miller
2007-04-19 1:09 ` [PATCH 1/4] Revert "[NET] Add IP(V6)_PMTUDISC_RPOBE" John Heffner
2007-04-19 1:09 ` [PATCH 2/4] Revert "[NET] Do pmtu check in transport layer" John Heffner
2007-04-19 1:09 ` [PATCH 3/4] [NET] MTU discovery check in ip6_fragment() John Heffner
2007-04-19 1:09 ` [PATCH 4/4] [NET] Add IP(V6)_PMTUDISC_RPOBE John Heffner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=461A6896.1050308@psc.edu \
--to=jheffner@psc.edu \
--cc=davem@davemloft.net \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).