It seems that we have two options: all is good with the tunnel path,
so in this case we use default "pmtudisc noignore-df". Or something
wrong and ICMP replies with "fragmentation needed" do not come back,
so in this case we use "nopmtudisc ignore-df". But I would leave the
possibility of selective
I'm not sure you want it to be unconditional.
When I wrote the option for netlink and iproute2, it was for some very
specialized scenarios.
> On Apr 24, 2023, at 3:14 AM, Stefan Hellermann wrote:
>
> I have an easier patch in my private repo, maybe it's enough without a new
> configuration o
I have an easier patch in my private repo, maybe it's enough without a
new configuration option? I'm using it in production for a gretap link
which is bridged on both sides to MTU 1500 ethernet links.
See https://bugzilla.kernel.org/show_bug.cgi?id=14837, which seems to
say you always have to
This is useful for GRE TAP tunnel when tunnel is added to a br-lan bridge.
In this case you need to create it with "nopmtudisc ignore-df". Otherwise
large IP-packets with DF=1 (TCP-data, large pings) will be silently dropped
(since DF=1 but stack failed to send ICMP "need fragmentation" back). But
