mirror of
https://github.com/torvalds/linux
synced 2024-10-01 00:39:03 +00:00
6aafeef03b
Pushing original fragments through causes several problems. For example for matching, frags may not be matched correctly. Take following example: <example> On HOSTA do: ip6tables -I INPUT -p icmpv6 -j DROP ip6tables -I INPUT -p icmpv6 -m icmp6 --icmpv6-type 128 -j ACCEPT and on HOSTB you do: ping6 HOSTA -s2000 (MTU is 1500) Incoming echo requests will be filtered out on HOSTA. This issue does not occur with smaller packets than MTU (where fragmentation does not happen) </example> As was discussed previously, the only correct solution seems to be to use reassembled skb instead of separete frags. Doing this has positive side effects in reducing sk_buff by one pointer (nfct_reasm) and also the reams dances in ipvs and conntrack can be removed. Future plan is to remove net/ipv6/netfilter/nf_conntrack_reasm.c entirely and use code in net/ipv6/reassembly.c instead. Signed-off-by: Jiri Pirko <jiri@resnulli.us> Acked-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|---|---|---|
| .. | ||
| ip_vs_app.c | ||
| ip_vs_conn.c | ||
| ip_vs_core.c | ||
| ip_vs_ctl.c | ||
| ip_vs_dh.c | ||
| ip_vs_est.c | ||
| ip_vs_ftp.c | ||
| ip_vs_lblc.c | ||
| ip_vs_lblcr.c | ||
| ip_vs_lc.c | ||
| ip_vs_nfct.c | ||
| ip_vs_nq.c | ||
| ip_vs_pe.c | ||
| ip_vs_pe_sip.c | ||
| ip_vs_proto.c | ||
| ip_vs_proto_ah_esp.c | ||
| ip_vs_proto_sctp.c | ||
| ip_vs_proto_tcp.c | ||
| ip_vs_proto_udp.c | ||
| ip_vs_rr.c | ||
| ip_vs_sched.c | ||
| ip_vs_sed.c | ||
| ip_vs_sh.c | ||
| ip_vs_sync.c | ||
| ip_vs_wlc.c | ||
| ip_vs_wrr.c | ||
| ip_vs_xmit.c | ||
| Kconfig | ||
| Makefile | ||