bugzilla-daemon@netfilter.org
2003-Feb-14 08:02 UTC
[Bug 48] conntrack breaks udp path mtu discovery
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=48

laforge@netfilter.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

------- Additional Comments From laforge@netfilter.org 2003-02-14 09:02 -------
This is a really hard issue.

The problem is that we _need_ to defragment at NF_IP_PRE_ROUTING in order to be able to do connection tracking.

So at this point we would need to save the sizes of all individual fragments. This would enable us to re-fragment to exactly the same size at POST_ROUTING.

Another obvious approach was to check for IP_DF and see if it is bigger than the MTU of the outgoing interface. The problem is: before we do conntrack at NF_IP_PRE_ROUTING we don't know what potential NAT bindings apply to this connection/packet - and thus don't know the outgoing interface [that's why it's called PRE_ROUTING].

And then, what happens if NAT has to resize (enlarge/shrink) a packet? How should we deal with this while re-fragmenting?

I think this needs some good discussion at netfilter-devel...

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
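The idea raised in the comment above (save each fragment's size when defragmenting, then re-fragment to the same sizes on output) is shown here as an added example; it is not netfilter code and not part of the original mail. `frag_layout` and the `layout_*` functions are hypothetical names, the fragment sizes in `main` are constructed, and a NAT resize is reported as an error because the comment leaves that case open.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_FRAGS 64

/* Hypothetical per-datagram record of the fragment sizes seen on input. */
struct frag_layout {
    size_t   count;            /* fragments recorded so far */
    size_t   total;            /* reassembled payload size (sum of len[]) */
    uint16_t len[MAX_FRAGS];   /* payload bytes per fragment, in offset order */
};

/* Save one incoming fragment's payload length at defragmentation time. */
int layout_record(struct frag_layout *l, uint16_t len, int more_frags)
{
    /* RFC 791: every fragment but the last carries a multiple of 8 bytes. */
    if (l->count >= MAX_FRAGS || (more_frags && len % 8 != 0))
        return -1;
    l->len[l->count++] = len;
    l->total += len;
    return 0;
}

/* Once the outgoing interface is known: does every saved fragment fit? */
int layout_fits_mtu(const struct frag_layout *l, size_t mtu, size_t ip_hdr_len)
{
    for (size_t i = 0; i < l->count; i++)
        if (ip_hdr_len + l->len[i] > mtu)
            return 0;
    return 1;
}

/* Re-fragment to the saved sizes. Returns the fragment count, or -1 when
 * the payload size changed in between (e.g. NAT resized the packet). */
int layout_replay(const struct frag_layout *l, size_t payload_now,
                  uint16_t out_off[], uint16_t out_len[])
{
    size_t off = 0;
    if (payload_now != l->total)
        return -1;
    for (size_t i = 0; i < l->count; i++) {
        out_off[i] = (uint16_t)(off / 8);  /* offset field is in 8-byte units */
        out_len[i] = l->len[i];
        off += l->len[i];
    }
    return (int)l->count;
}

int main(void)
{
    struct frag_layout l = {0};
    uint16_t off[MAX_FRAGS], len[MAX_FRAGS];
    layout_record(&l, 1480, 1); layout_record(&l, 1480, 1); layout_record(&l, 48, 0);
    printf("replayed %d fragments\n", layout_replay(&l, l.total, off, len));
    return 0;
}
```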
bugzilla-daemon@netfilter.org
2003-Feb-14 09:59 UTC
[Bug 48] conntrack breaks udp path mtu discovery
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=48

laforge@netfilter.org changed:

                    What|Removed                     |Added
----------------------------------------------------------------------------
OtherBugsDependingOnThis|                            |47