From: Patrick McHardy
Subject: Re: no reassembly for outgoing packets on RAW socket
Date: Thu, 10 Jun 2010 12:04:56 +0200
Message-ID: <4C10B8C8.2050201@trash.net>
References: <20100604112708.GA1958@jolsa.lab.eng.brq.redhat.com> <4C08EB85.3050900@trash.net> <20100607145558.GA1939@jolsa.lab.eng.brq.redhat.com> <4C0FA24A.7060907@trash.net> <20100610065631.GA1915@jolsa.lab.eng.brq.redhat.com> <4C10ACDC.6010108@trash.net> <20100610095312.GC1915@jolsa.lab.eng.brq.redhat.com>
In-Reply-To: <20100610095312.GC1915@jolsa.lab.eng.brq.redhat.com>
To: Jiri Olsa
Cc: netdev@vger.kernel.org, Netfilter Developer Mailing List

Jiri Olsa wrote:
> On Thu, Jun 10, 2010 at 11:14:04AM +0200, Patrick McHardy wrote:
>
>> Jiri Olsa wrote:
>>
>>> On Wed, Jun 09, 2010 at 04:16:42PM +0200, Patrick McHardy wrote:
>>>
>>>>> If this is not the way, I'd appreciate any hint.. my goal is
>>>>> to put malformed packet on the wire (more frags bit set for a
>>>>> non fragmented packet)
>>>>>
>>>> I don't have any good suggestions besides adding a flag to the IPCB
>>>> and skipping defragmentation based on that.
>>>>
>>> ok,
>>>
>>> I can see a way when I set this via setsockopt to the socket,
>>> and check the value before the defragmentation.. would such a new
>>> setsock option be acceptable?
>>>
>>> I'm not sure I can see a way via IPCB, AFAICS it's for skb bound flags
>>> which arise during the skb processing.
>>>
>> Yes, a socket option is basically what I was suggesting, using the
>> IPCB to mark the packet. But just marking the socket is fine of
>> course.
>>
>
> one last thought before the socket option.. :)
>
> there's IP_HDRINCL option which is enabled for RAW sockets
> (can be disabled later by setsockopt)
>
> The 'man 7 ip' says:
> "the user supplies an IP header in front of the user data"
>
> but does not mention the outgoing defragmentation.
>
> It kind of looks to me more appropriate to preserve the user supplied
> IP header.. moreover if there's a way to switch this off and have
> netfilter defragmentation + connection tracking for RAW socket.
>
> please check the following patch..
> (there's no special need for the IPSKB_NODEFRAG, it could check the
> socket->hdrincl flag directly..)
>
> thoughts?

My main concern is that users might expect netfilter to properly track
fragmented packets created using IP_HDRINCL.
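
Added example, not part of the original message or of the patch under discussion: a user-space classifier applying the standard IPv4 fragment test (MF flag set or non-zero fragment offset) to raw header bytes. It shows why the packet described in the thread (MF set, offset 0, nothing following) is indistinguishable from the first fragment of a larger datagram and is therefore held for reassembly. The names `classify_ipv4` and `goes_to_defrag` and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FRAG_MF     0x2000u  /* "more fragments" flag in the flags/offset word */
#define FRAG_OFFSET 0x1FFFu  /* fragment offset mask, in units of 8 bytes */

enum frag_class { NOT_FRAGMENT, FIRST_FRAGMENT, MIDDLE_FRAGMENT,
                  LAST_FRAGMENT, BAD_HEADER };

/* Classify an IPv4 header given as raw bytes in network byte order. */
static enum frag_class classify_ipv4(const uint8_t *p, size_t len)
{
    if (len < 20 || (p[0] >> 4) != 4 || (p[0] & 0x0F) < 5)
        return BAD_HEADER;               /* too short, not IPv4, or IHL < 5 */
    uint16_t word = (uint16_t)((p[6] << 8) | p[7]);
    int mf = (word & FRAG_MF) != 0;
    uint16_t off = word & FRAG_OFFSET;
    if (!mf && off == 0) return NOT_FRAGMENT;   /* DF alone does not count */
    if (mf && off == 0)  return FIRST_FRAGMENT; /* the packet from the thread */
    return mf ? MIDDLE_FRAGMENT : LAST_FRAGMENT;
}

/* A defragmentation step keyed on (MF | offset) takes every fragment class. */
static int goes_to_defrag(const uint8_t *p, size_t len)
{
    enum frag_class c = classify_ipv4(p, len);
    return c != NOT_FRAGMENT && c != BAD_HEADER;
}

/* Constructed sample headers (documentation addresses, checksum left 0). */
static const uint8_t hdr_plain[20]   = {0x45,0,0,0x1c, 0x12,0x34,0x00,0x00,
                                        64,1,0,0, 192,0,2,1, 192,0,2,2};
static const uint8_t hdr_df[20]      = {0x45,0,0,0x1c, 0x12,0x34,0x40,0x00,
                                        64,1,0,0, 192,0,2,1, 192,0,2,2};
static const uint8_t hdr_mf_only[20] = {0x45,0,0,0x1c, 0x12,0x34,0x20,0x00,
                                        64,1,0,0, 192,0,2,1, 192,0,2,2};
static const uint8_t hdr_last[20]    = {0x45,0,0,0x1c, 0x12,0x34,0x00,0xb9,
                                        64,1,0,0, 192,0,2,1, 192,0,2,2};

int main(void)
{
    printf("plain:   class=%d defrag=%d\n", classify_ipv4(hdr_plain, 20),
           goes_to_defrag(hdr_plain, 20));
    printf("MF only: class=%d defrag=%d\n", classify_ipv4(hdr_mf_only, 20),
           goes_to_defrag(hdr_mf_only, 20));
    return 0;
}
```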