* conntrack h323 reassembly
@ 2010-04-28 23:55 Stephen Hemminger
2010-04-29 9:56 ` Jan Engelhardt
0 siblings, 1 reply; 4+ messages in thread
From: Stephen Hemminger @ 2010-04-28 23:55 UTC (permalink / raw)
To: Patrick McHardy, netfilter-devel
It seems that h323 conntrack module can't handle TCP fragments.
Is this a problem for other modules, or is it unique to H323?
More detail:
https://bugzilla.vyatta.com/show_bug.cgi?id=5127
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: conntrack h323 reassembly
2010-04-28 23:55 conntrack h323 reassembly Stephen Hemminger
@ 2010-04-29 9:56 ` Jan Engelhardt
2010-05-01 13:59 ` Pascal Hambourg
0 siblings, 1 reply; 4+ messages in thread
From: Jan Engelhardt @ 2010-04-29 9:56 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: Patrick McHardy, netfilter-devel
On Thursday 2010-04-29 01:55, Stephen Hemminger wrote:
>It seems that h323 conntrack module can't handle TCP fragments.
>Is this a problem for other modules, or is it unique to H323?
>
>More detail:
> https://bugzilla.vyatta.com/show_bug.cgi?id=5127
Fragments should not normally happen, as nf_conntrack loads
nf_defrag.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: conntrack h323 reassembly
2010-04-29 9:56 ` Jan Engelhardt
@ 2010-05-01 13:59 ` Pascal Hambourg
2010-05-01 16:27 ` Patrick McHardy
0 siblings, 1 reply; 4+ messages in thread
From: Pascal Hambourg @ 2010-05-01 13:59 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Stephen Hemminger, Patrick McHardy, netfilter-devel
Jan Engelhardt a écrit :
> On Thursday 2010-04-29 01:55, Stephen Hemminger wrote:
>
>> It seems that h323 conntrack module can't handle TCP fragments.
>
> Fragments should not normally happen, as nf_conntrack loads
> nf_defrag.
What about IPv6 fragments ? IIUC the IPv6 conntrack only performs a
"virtual" reassembly. Can and do the conntrack helpers use the virtually
reassembled datagrams ?
(Although IIUC TCP fragmentation should be very unlikely, as the TCP
layer is informed about the path MTU and should adjust the segment size
accordingly.)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: conntrack h323 reassembly
2010-05-01 13:59 ` Pascal Hambourg
@ 2010-05-01 16:27 ` Patrick McHardy
0 siblings, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2010-05-01 16:27 UTC (permalink / raw)
To: Pascal Hambourg; +Cc: Jan Engelhardt, Stephen Hemminger, netfilter-devel
Pascal Hambourg wrote:
> Jan Engelhardt a écrit :
>> On Thursday 2010-04-29 01:55, Stephen Hemminger wrote:
>>
>>> It seems that h323 conntrack module can't handle TCP fragments.
>> Fragments should not normally happen, as nf_conntrack loads
>> nf_defrag.
>
> What about IPv6 fragments ? IIUC the IPv6 conntrack only performs a
> "virtual" reassembly. Can and do the conntrack helpers use the virtually
> reassembled datagrams ?
>
> (Although IIUC TCP fragmentation should be very unlikely, as the TCP
> layer is informed about the path MTU and should adjust the segment size
> accordingly.)
Yes, the "virtual" reassembled packet is also passed to the helpers.
The message is most likely a false positive caused by non-H.323 traffic.
I'll switch it to pr_debug().
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-05-01 16:27 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-04-28 23:55 conntrack h323 reassembly Stephen Hemminger
2010-04-29 9:56 ` Jan Engelhardt
2010-05-01 13:59 ` Pascal Hambourg
2010-05-01 16:27 ` Patrick McHardy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).