From: YOSHIFUJI Hideaki <hideaki.yoshifuji@gmail.com>
To: Shan Wei <shanwei@cn.fujitsu.com>
Cc: Patrick McHardy <kaber@trash.net>,
David Miller <davem@davemloft.net>,
Alexey Dobriyan <adobriyan@gmail.com>,
Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
netfilter-devel@vger.kernel.org,
"yoshfuji@linux-ipv6.org >> YOSHIFUJI Hideaki"
<yoshfuji@linux-ipv6.org>
Subject: Re: [RFC PATCH net-next 0/7 v2]IPv6:netfilter: defragment
Date: Thu, 11 Mar 2010 02:13:48 +0900 [thread overview]
Message-ID: <4B97D34C.4020509@gmail.com> (raw)
In-Reply-To: <4B88BE30.80206@cn.fujitsu.com>
Hi,
Shan Wei wrote:
> This patch-set solves the problem that an end host with IPv6 connection track enable
> can't send an ICMP "Fragment Reassembly Timeout" message when defaging timeout.
> And supports MIB counter about fragments reassembly e.g. Ip6ReasmTimeout, Ip6ReasmReqds,
> Ip6ReasmOKs, Ip6ReasmFails.
Well, because the context of defragment are different
from standard ones (e.g., In netfilter, defragment can
happen even on forwarding path, and the result is always
thrown away anyway), I think it is not a good idea to
touch standard MIB here. However I'm okay to increment
other stats like InDiscards, OurDiscards and netfilter
specific stats.
On the other hand, I'd even say we should NOT send
icmp here (at least by default) because standard routers
never send such packet.
Regards,
--yoshfuji
> patch-1,2,3: Introduce net namespace to conntrack and share netns_frags with IPv6 stack.
> But, IPv6 conntrack and IPv6 stack still keep separate fragment queue.
> Like IPv4, proc parameters of ip6frag_low_thresh, ip6frag_time and ip6frag_high_thresh
> manage numbers and memory thresh size of both IPv6 conntrack fragment queue and
> IPv6 stack fragment queue.
>
> patch-4: Send an ICMP "Fragment Reassembly Timeout" message and record MIB counter
> when defraging timeout.
>
> patch-5,6,7: According to RFC4293, record MIB counter about fragments reassembly.
>
>
> This patch-set has been tested using IPv6 Ready Logo Phase-2 tool under host and router type.
>
> ---
> Shan Wei <shanwei@cn.fujitsu.com> (7):
> IPv6:netfilter: defrag: Handle sysctls about IPv6 conntrack defragment per-netns
> IPv6:netfilter: defrag: Introduce per-netns to conntrack and kill nf_init_frags
> IPv6:netfilter: defrag: Disable button half when reassembling a fragment
> IPv6:netfilter: Send an ICMPv6 "Fragment Reassembly Timeout" message when enabling connection track
> IPv6:netfilter: Record MIB counter when reassembling all fragments
> IPv6:netfilter: Record MIB counter after a fragment reached
> IPv6:netfilter: Add IPSTATS_MIB_REASMFAILS MIB counter value when evicting fragment queue
>
> Documentation/feature-removal-schedule.txt | 19 ++
> include/linux/skbuff.h | 5 +
> include/net/netns/ipv6.h | 1 +
> net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 7 +-
> net/ipv6/netfilter/nf_conntrack_reasm.c | 221 +++++++++++++++++++-----
> net/ipv6/route.c | 1 +
> 6 files changed, 208 insertions(+), 46 deletions(-)
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2010-03-10 17:25 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-27 6:39 [RFC PATCH net-next 0/7 v2]IPv6:netfilter: defragment Shan Wei
2010-03-10 17:13 ` YOSHIFUJI Hideaki [this message]
2010-03-11 9:16 ` Shan Wei
2010-03-13 13:47 ` YOSHIFUJI Hideaki
2010-03-15 16:27 ` Patrick McHardy
2010-03-23 16:28 ` YOSHIFUJI Hideaki
2010-03-23 17:16 ` Patrick McHardy
2010-03-23 18:58 ` YOSHIFUJI Hideaki
2010-03-23 20:10 ` Jozsef Kadlecsik
2010-03-25 4:20 ` YOSHIFUJI Hideaki
2010-03-25 9:23 ` Jozsef Kadlecsik
2010-03-25 14:14 ` YOSHIFUJI Hideaki
2010-03-25 10:25 ` Patrick McHardy
2010-03-25 8:38 ` Pascal Hambourg
2010-03-25 9:13 ` Shan Wei
2010-03-25 10:07 ` Jozsef Kadlecsik
2010-03-25 10:20 ` Patrick McHardy
2010-03-25 2:22 ` Shan Wei
2010-03-23 15:05 ` Patrick McHardy
2010-03-25 2:28 ` Shan Wei
2010-03-25 4:19 ` YOSHIFUJI Hideaki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B97D34C.4020509@gmail.com \
--to=hideaki.yoshifuji@gmail.com \
--cc=adobriyan@gmail.com \
--cc=davem@davemloft.net \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=shanwei@cn.fujitsu.com \
--cc=yasuyuki.kozakai@toshiba.co.jp \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).