[Bug 48] conntrack breaks udp path mtu discovery

bugzilla-daemon@netfilter.org bugzilla-daemon@netfilter.org
Thu, 26 Feb 2004 00:30:58 +0100


https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=48





------- Additional Comments From tatonet@tiscali.it  2004-02-26 00:30 -------
Hi Harald, sorry for bother you again. 
I agree with you that the solution I've proposed isn't applicable, but I think 
that conntrack really shouldn't break path MTU discovery. 
In IPv4 this conntrack behaviour (although is not correct) isn't a big problem 
because it produces IP datagrams with DF not set: intermediate routers can 
fragment again datagrams so that they can reach destination (source will think 
that it has guessed a good path MTU). 
However, now that netfilter has a new (experimental) l3-indipendent conntrack 
(developed by Yasuyuki Kozakai), we must face a similar problem with IPv6. UDP 
packets in IPv6 datagrams could be fragmented at source, but they will never be 
fragmented by intermediate routers.  
So if we follow the IPv4 conntrack modus operandi we will always produce IPv6 
fragments of a certain (output interface MTU ?) size independently of the size 
of original fragments. If source performs path MTU discovery and for that it 
has to reduce the size of fragments, conntrack will make it impossible. 
More generally, if we must modify original IPv6 fragments, we must preserve 
their size (or at least their maximum size)... 
 



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.