John Heffner wrote: > Patrick McHardy wrote: > >> This makes ping report an incorrect MTU when IPsec is used since we're >> only accounting for the additional header_len, not the trailer_len >> (which is not easily changeable). Additionally it will report different >> MTUs for the first and following fragments when the socket is corked >> because only the first fragment includes the header_len. It also can't >> deal with things like NAT and routing by fwmark that change the route. >> The old behaviour was that we get an ICMP frag. required with the MTU >> of the final route, while this will always report the MTU of the >> initially chosen route. >> >> For all these reasons I think it should be reverted to the old >> behaviour. > > > You're right, this is no good. I think the other problems are fixable, > but NAT really screws this.
Routing by fwmark is also unfixable and IPsec is quite hard. > Unfortunately, there is still a real problem with ipv6, in that the > output side does not generate a packet too big ICMP like ipv4. Also, it > feels kind of undesirable be rely on local ICMP instead of direct error > message delivery. I'll try to generate a new patch. I think its necessary since at the transport layer we simply don't have all the information about whats going to happen to a packet. IPv6 now also supports routing by fwmark, so it has the same problem if it doesn't generate packet too big messages. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
