linux/net
Florian Westphal d6b915e29f ip_fragment: don't forward defragmented DF packet
We currently always send fragments without DF bit set.

Thus, given following setup:

mtu1500 - mtu1500:1400 - mtu1400:1280 - mtu1280
   A           R1              R2         B

Where R1 and R2 run linux with netfilter defragmentation/conntrack
enabled, then if Host A sent a fragmented packet _with_ DF set to B, R1
will respond with icmp too big error if one of these fragments exceeded
1400 bytes.

However, if R1 receives fragment sizes 1200 and 100, it would
forward the reassembled packet without refragmenting, i.e.
R2 will send an icmp error in response to a packet that was never sent,
citing mtu that the original sender never exceeded.

The other minor issue is that a refragmentation on R1 will conceal the
MTU of R2-B since refragmentation does not set DF bit on the fragments.

This modifies ip_fragment so that we track largest fragment size seen
both for DF and non-DF packets, and set frag_max_size to the largest
value.

If the DF fragment size is larger or equal to the non-df one, we will
consider the packet a path mtu probe:
We set DF bit on the reassembled skb and also tag it with a new IPCB flag
to force refragmentation even if skb fits outdev mtu.

We will also set DF bit on each fragment in this case.

Joint work with Hannes Frederic Sowa.

Reported-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-27 13:03:31 -04:00
..
6lowpan
9p 9p: patches for 4.1 merge window 2015-04-18 17:45:30 -04:00
802
8021q vlan: Correctly propagate promisc|allmulti flags in notifier. 2015-05-14 00:54:32 -04:00
appletalk net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
atm net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
ax25 net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
batman-adv dev: introduce dev_get_iflink() 2015-04-02 14:04:59 -04:00
bluetooth ipv6: Remove external dependency on rt6i_gateway and RTF_ANYCAST 2015-05-25 13:25:33 -04:00
bridge bridge: skip fdb add if the port shouldn't learn 2015-05-25 20:29:54 -04:00
caif net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
can net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
ceph net: Add a struct net parameter to sock_create_kern 2015-05-11 10:50:17 -04:00
core tcp: tcp_tso_autosize() minimum is one packet 2015-05-26 23:21:29 -04:00
dcb net/dcb: Add IEEE QCN attribute 2015-03-06 21:50:02 -05:00
dccp inet: fix possible panic in reqsk_queue_unlink() 2015-04-24 11:39:15 -04:00
decnet net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
dns_resolver
dsa switchdev: don't use anonymous union on switchdev attr/obj structs 2015-05-13 14:20:59 -04:00
ethernet flow_dissect: use programable dissector in skb_flow_dissect and friends 2015-05-13 15:19:47 -04:00
hsr
ieee802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-05-13 14:31:43 -04:00
ipv4 ip_fragment: don't forward defragmented DF packet 2015-05-27 13:03:31 -04:00
ipv6 ipv6: ipv6_select_ident() returns a __be32 2015-05-25 20:27:11 -04:00
ipx net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
irda irda: use msecs_to_jiffies for conversion to jiffies 2015-05-25 17:46:21 -04:00
iucv net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
key net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
l2tp net: Modify sk_alloc to not reference count the netns of kernel sockets. 2015-05-11 10:50:18 -04:00
lapb
llc net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-05-23 01:22:35 -04:00
mac802154 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth 2015-05-09 15:51:00 -04:00
mpls mpls: Change reserved label names to be consistent with netbsd 2015-05-09 22:29:50 -04:00
netfilter ipv6: Set FLOWI_FLAG_KNOWN_NH at flowi6_flags 2015-05-25 13:25:34 -04:00
netlabel netlink: implement nla_put_in_addr and nla_put_in6_addr 2015-03-31 13:58:35 -04:00
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-05-23 01:22:35 -04:00
netrom net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
nfc net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
openvswitch geneve: Rename support library as geneve_core 2015-05-13 15:59:13 -04:00
packet net-packet: fix null pointer exception in rollover mode 2015-05-17 22:41:38 -04:00
phonet net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-05-13 14:31:43 -04:00
rfkill
rose net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
rxrpc net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-05-23 01:22:35 -04:00
sctp ipv6: Add rt6_get_cookie() function 2015-05-25 13:25:34 -04:00
sunrpc svcrpc: fix potential GSSX_ACCEPT_SEC_CONTEXT decoding failures 2015-05-04 12:02:40 -04:00
switchdev Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-05-23 01:22:35 -04:00
tipc tipc: fix bug in link protocol message create function 2015-05-26 19:43:03 -04:00
unix net: af_unix: implement splice for stream af_unix sockets 2015-05-25 00:06:59 -04:00
vmw_vsock net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
wimax
wireless cfg80211: change GO_CONCURRENT to IR_CONCURRENT for STA 2015-05-06 15:50:02 +02:00
x25 net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
xfrm net: make skb_dst_pop routine static 2015-05-12 23:19:49 -04:00
compat.c net: switch importing msghdr from userland to {compat_,}import_iovec() 2015-04-09 00:02:26 -04:00
Kconfig net: add CONFIG_NET_INGRESS to enable ingress filtering 2015-05-14 01:10:05 -04:00
Makefile mpls: Refactor how the mpls module is built 2015-03-04 00:26:06 -05:00
socket.c net: Add a struct net parameter to sock_create_kern 2015-05-11 10:50:17 -04:00
sysctl_net.c