Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753288AbcKOQ5F convert rfc822-to-8bit (ORCPT ); Tue, 15 Nov 2016 11:57:05 -0500 Received: from mx1.redhat.com ([209.132.183.28]:36486 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752176AbcKOQ5C (ORCPT ); Tue, 15 Nov 2016 11:57:02 -0500 Date: Tue, 15 Nov 2016 11:56:57 -0500 (EST) Message-Id: <20161115.115657.798577230951109692.davem@redhat.com> To: googuy@gmail.com Cc: kuznet@ms2.inr.ac.ru, jmorris@namei.org, yoshfuji@linux-ipv6.org, kaber@trash.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] icmp: Restore resistence to abnormal messages From: David Miller In-Reply-To: References: <20161111202018.13795-1-googuy@gmail.com> <20161114.133646.1687576478968660327.davem@davemloft.net> Mime-Version: 1.0 Content-Type: Text/Plain; charset=iso-8859-1 Content-Transfer-Encoding: 8BIT X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Tue, 15 Nov 2016 16:57:01 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1713 Lines: 38 From: Vicente Jim?nez Date: Tue, 15 Nov 2016 17:49:43 +0100 > On Mon, Nov 14, 2016 at 7:36 PM, David Miller wrote: >> From: Vicente Jimenez Aguilar >> Date: Fri, 11 Nov 2016 21:20:18 +0100 >> >>> @@ -819,6 +820,12 @@ static bool icmp_unreach(struct sk_buff *skb) >>> /* fall through */ >>> case 0: >>> info = ntohs(icmph->un.frag.mtu); >>> + /* Handle weird case where next hop MTU is >>> + * equal to or exceeding dropped packet size >>> + */ >>> + old_mtu = ntohs(iph->tot_len); >>> + if (info >= old_mtu) >>> + info = old_mtu - 2; >> >> This isn't something the old code did. >> >> The old code behaved much differently. >> > I don't wanted to restore old behavior just fix a strange case that > was handle by this code where the next hop MTU reported by the router > is equal or greater than the actual path MTU. Because router > information is wrong, we need a way to guess a good packet size > ignoring router data. The simplest strategy that avoid odd numbers is > reducing dropped packet size by 2. This whole approach seems arbitrary. You haven't discussed in any way, what causes this in the first place. And what about that cause makes simply subtracting by 2 work well or not. You have a very locallized, specific, situation on your end you want to fix. But we must accept changes that handle things generically and in a way that would help more than just your specific case.