linux/include
Florian Westphal d6b915e29f ip_fragment: don't forward defragmented DF packet
We currently always send fragments without DF bit set.

Thus, given following setup:

mtu1500 - mtu1500:1400 - mtu1400:1280 - mtu1280
   A           R1              R2         B

Where R1 and R2 run linux with netfilter defragmentation/conntrack
enabled, then if Host A sent a fragmented packet _with_ DF set to B, R1
will respond with icmp too big error if one of these fragments exceeded
1400 bytes.

However, if R1 receives fragment sizes 1200 and 100, it would
forward the reassembled packet without refragmenting, i.e.
R2 will send an icmp error in response to a packet that was never sent,
citing mtu that the original sender never exceeded.

The other minor issue is that a refragmentation on R1 will conceal the
MTU of R2-B since refragmentation does not set DF bit on the fragments.

This modifies ip_fragment so that we track largest fragment size seen
both for DF and non-DF packets, and set frag_max_size to the largest
value.

If the DF fragment size is larger or equal to the non-df one, we will
consider the packet a path mtu probe:
We set DF bit on the reassembled skb and also tag it with a new IPCB flag
to force refragmentation even if skb fits outdev mtu.

We will also set DF bit on each fragment in this case.

Joint work with Hannes Frederic Sowa.

Reported-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-27 13:03:31 -04:00
..
acpi ACPICA: remove duplicate u8 typedef 2015-04-28 23:58:54 +02:00
asm-generic TTY/Serial patches for 4.1-rc1 2015-04-21 09:33:10 -07:00
clocksource
crypto
drm drm/radeon: add new bonaire pci id 2015-05-12 13:42:46 -04:00
dt-bindings Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2015-04-24 09:49:37 -07:00
keys
kvm
linux net: phy: Add phy_interface_is_rgmii helper 2015-05-27 00:27:35 -04:00
math-emu
media Merge branch 'patchwork' into v4l_for_linus 2015-04-21 06:12:35 -03:00
memory
misc
net ip_fragment: don't forward defragmented DF packet 2015-05-27 13:03:31 -04:00
pcmcia
ras
rdma IB/core: Fix unaligned accesses 2015-05-05 13:21:27 -04:00
rxrpc
scsi SCSI: add 1024 max sectors black list flag 2015-04-27 09:38:06 -07:00
soc
sound ASoC: Fixes for v4.1 2015-04-30 19:08:06 +02:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-04-24 10:22:09 -07:00
trace Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
uapi ipv6: Create percpu rt6_info 2015-05-25 13:25:35 -04:00
video fbdev changes for v4.1 2015-04-20 15:16:25 -07:00
xen xen/events: don't bind non-percpu VIRQs with percpu chip 2015-05-19 19:55:36 +01:00
Kbuild