[Bug 48] conntrack breaks udp path mtu discovery

bugzilla-daemon@netfilter.org
Wed, 25 Feb 2004 16:44:14 +0100


https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=48

------- Additional Comments From tatonet@tiscali.it  2004-02-25 16:44 -------
Hi Harald, 
First of all I must say that I'm still studying conntrack, so it's likely that 
I'm wrong. 
When conntrack calls ip_defrag() (in ip_ct_gather_frags()), it passes a skb 
containing a fragment and, eventually, receives a skb containing the complete 
datagram.  
I think we could use the identification field in the fragment that causes 
ip_defrag to return a skb. 
We have to maintain a table with (identification, skb_address, max_frags_len) 
records.  
Each time ip_ct_gather_frags() calls ip_defrag() we update the max_frags_len 
field in the record with the right identification field (or we create a new 
record). When ip_defrag returns a skb, we fill skb_address field. 
On POST_ROUTING we have to check each skb against that table and, if an entry 
is found then we fragment the packet using max_frags_len and we can set the DF 
flag in each fragment. 
However, because we don't know if the kernel discards the fragments, we should 
have a timeout on each entry in the table. 
Can it work? I know, this approach sounds inefficient. Is it worth it? 
 



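
A user-space C model of the table proposed in the comment above, added here as an illustration; it is not code from the poster or from netfilter. The names `ft_note_fragment` and `ft_take`, the slot count and the timeout are assumptions, and records are keyed on the identification field alone, as the comment describes.

```c
#include <stddef.h>
#include <stdint.h>

#define FT_SLOTS   64   /* constructed table size, bounds memory use */
#define FT_TIMEOUT 30   /* constructed lifetime in seconds */

struct frag_rec {
    uint16_t    id;            /* IP identification field */
    const void *skb;           /* reassembled skb; NULL until ip_defrag() returns one */
    unsigned    max_frag_len;  /* largest fragment seen for this id */
    long        expires;       /* slot is free once expires <= now */
};
static struct frag_rec table[FT_SLOTS];

/* Record one fragment; `done` is the skb ip_defrag() returned, or NULL. */
int ft_note_fragment(uint16_t id, unsigned len, const void *done, long now)
{
    struct frag_rec *r = NULL, *spare = NULL;
    for (struct frag_rec *p = table; p < table + FT_SLOTS; p++) {
        if (p->expires <= now) { if (!spare) spare = p; }
        else if (p->id == id && !p->skb) r = p;   /* still being gathered */
    }
    if (!r) {
        if (!spare) return -1;              /* table full: datagram goes untracked */
        r = spare;
        *r = (struct frag_rec){ .id = id };
    }
    if (len > r->max_frag_len) r->max_frag_len = len;
    r->skb = done;
    r->expires = now + FT_TIMEOUT;          /* refreshed on every fragment */
    return 0;
}

/* POST_ROUTING lookup: size to re-fragment with, or 0 if skb is not tracked. */
unsigned ft_take(const void *skb, long now)
{
    for (struct frag_rec *p = table; skb && p < table + FT_SLOTS; p++)
        if (p->expires > now && p->skb == skb) {
            p->expires = 0;                 /* one-shot: release the record */
            return p->max_frag_len;
        }
    return 0;
}
```

The fixed slot count and the per-record timeout keep fragments that never complete from holding table memory indefinitely; when the table is full the datagram is simply left untracked.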