[PATCH 3/3] Drop packets that are too large without dropping connection
Nikolay Martynov
mar.kolya at gmail.com
Fri May 12 15:43:39 PDT 2017
Hi.
Thanks for your response.
>
>> I'm not either. Perhaps David Woodhouse can weigh in on why he decided
>> to drop the connection when Juniper packets exceed the MTU (this was
>> added back in a47d69d3544e8d067c08aeb82e770daf8f635348).
>
> Because it was (supposedly!) a 'can never happen' condition.
>
> If they're actually going to send larger packets then — as long as we
> make bloody sure we're not going to overflow our allocations — I
> suspect we're better off actually receiving them. If they made them
> through, why drop? And if we *are* going to drop, shouldn't we be
> sending ICMP back?
It looks like I totally overlooked 'buffers may be to small' issue.
I'll work on next version of this patch to address this.
--
Martynov Nikolay.
Email: mar.kolya at gmail.com
More information about the openconnect-devel
mailing list