[PATCH] xfrm:fragmented ipv4 tunnel packets in inner interface

Steffen Klassert steffen.klassert at secunet.com
Thu Sep 17 03:46:37 EDT 2020


On Tue, Sep 15, 2020 at 08:17:40PM +0800, lina.wang wrote:
> We didnot get the router's log, which is some operator's.Actually, after
> we patched, there is no such issue. Sometimes,router will return
> packet-too-big, most of times nothing returned,dropped silently

This looks like a broken router, we can't fix that in the code.

> On Tue, 2020-09-15 at 11:32 +0200, Steffen Klassert wrote:
> > On Tue, Sep 15, 2020 at 05:05:22PM +0800, lina.wang wrote:
> > > 
> > > Yes, DF bit is not set.
> > 
> > ...
> > 
> > > Those two packets are fragmented to one big udp packet, which payload is 1516B.
> > > After getting rid of tunnel header, it is also a udp packet, which payload is
> > > 1466 bytes.It didnot get any response for this packet.We guess it is dropped
> > > by router. Because if we reduced the length, it got response.
> > 
> > If the DF bit is not set, the router should fragment the packet. If it
> > does not do so, it is misconfigured. Do you have access to that router?
> 



More information about the linux-arm-kernel mailing list