From owner-freebsd-net@FreeBSD.ORG  Fri Jul 20 22:57:36 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8700316A41A
	for <freebsd-net@FreeBSD.org>; Fri, 20 Jul 2007 22:57:36 +0000 (UTC)
	(envelope-from julian@elischer.org)
Received: from outE.internet-mail-service.net (outE.internet-mail-service.net
	[216.240.47.228])
	by mx1.freebsd.org (Postfix) with ESMTP id 67B5413C45B
	for <freebsd-net@FreeBSD.org>; Fri, 20 Jul 2007 22:57:36 +0000 (UTC)
	(envelope-from julian@elischer.org)
Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160)
	by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP;
	Fri, 20 Jul 2007 15:57:34 -0700
Received: from julian-mac.elischer.org (nat.ironport.com [63.251.108.100])
	by idiom.com (Postfix) with ESMTP id 449CE125AE2;
	Fri, 20 Jul 2007 15:57:34 -0700 (PDT)
Message-ID: <46A13DF8.6010202@elischer.org>
Date: Fri, 20 Jul 2007 15:58:00 -0700
From: Julian Elischer <julian@elischer.org>
User-Agent: Thunderbird 2.0.0.4 (Macintosh/20070604)
MIME-Version: 1.0
To: Eli Dart <dart@es.net>
References: <200707150237.l6F2bAgZ011098@redrock.karels.net>	<469E0FFF.8070802@seclark.us>	<20070720172021.8EA3D13C4B3@mx1.freebsd.org>	<46A10063.9010902@elischer.org>
	<46A10860.50804@es.net> <46A13891.5040201@elischer.org>
In-Reply-To: <46A13891.5040201@elischer.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@FreeBSD.org
Subject: Re: 6.2 mtu now limits size of incomming packet
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jul 2007 22:57:36 -0000

Julian Elischer wrote:
> Eli Dart wrote:
>> see below...
>>
>> Julian Elischer wrote:
>>> Eli Dart wrote:
>>>>
>>>>
>>>> Stephen Clark wrote:
>>>>
>>>>>>
>>>>> So was any decision reached on this issue - will FreeBSD changed
>>>>> to accept a packet on an interface that is larger than the mtu on
>>>>> that interface?
>>>>
>>>> If possible, I'd like to see the ability to enforce interface MTU
>>>> for received packets preserved in a sysctl if it is removed for the
>>>>  default config...  In other words, something like:
>>>>
>>>> net.link.mtu_limits_received_pktsize = 0|1
>>>>
>>>> Then, default it to 0 to preserve 4.x behavior.
>>>
>>> what would this achieve?
>>>
>>> Answering himself.. it MAY allow a driver to optimise a bit by not 
>>> needing to cope with the posibility of receiving jubo packets? I can
>>> not think of any other reason.. (except to break networks that are 
>>> apparently working fine).
>>
>> The networks that are apparently working fine are most likely 
>> misconfigured, IMHO.
>>
>> Others have made a case for permitting an interface to accept as large 
>> a packet as it can, regardless of configured MTU.  That's fine for 
>> theory.
>>
>> My operational experience leads me to a different place.  If an 
>> interface receives a packet that is larger than its configured MTU, I 
>> would prefer that the packet be dropped as a giant and a giants 
>> counter  incremented, regardless of whether the hardware can 
>> theoretically receive the packet.  In modern networks, an MTU mismatch 
>> within a broadcast domain indicates a broken network, IMHO.  If the 
>> devices in the network are configured to enforce MTU for both tx and 
>> rx, more problems get spotted during turnup, rather than surfacing 
>> later on as difficult-to-diagnose problems that users only call about 
>> after they are truly frustrated.  And, if you have a giants counter 
>> (or input error counter) you can look at, it makes it straightforward 
>> to spot the problem.
>>
>> (one could also stretch a bit and say that enforcing MTU on rx might 
>> provide less surprise to code that consumes packets and has knowledge 
>> of the MTU setting of an interface.....unfortunately I don't know 
>> enough about the details of the network stack to know if this is a 
>> real concern)
> 
> then we should have an MRU value.
> mtu is mTu
> 
> note that if the following code is what is doing it, it is only enabled in
> DIAGNOSTIC mode anyhow.
> 
> #ifdef DIAGNOSTIC
>        if (m->m_pkthdr.len >
>            ETHER_MAX_FRAME(ifp, etype, m->m_flags & M_HASFCS) &&
>            (ifp->if_capenable & IFCAP_LRO) == 0) {
>                if_printf(ifp, "discard oversize frame "
>                                "(ether type %x flags %x len %u > max 
> %lu)\n",
>                                etype, m->m_flags, m->m_pkthdr.len,
>                                ETHER_MAX_FRAME(ifp, etype,
>                                                m->m_flags & M_HASFCS));
>                ifp->if_ierrors++;                m_freem(m);
>                return;
>        }

in 6.1 that  would become:
diff -u -r1.193.2.10 if_ethersubr.c
--- if_ethersubr.c      4 Mar 2006 09:23:34 -0000       1.193.2.10
+++ if_ethersubr.c      20 Jul 2007 22:52:43 -0000
@@ -99,6 +99,8 @@
 extern u_char  aarp_org_code[3];
 #endif /* NETATALK */
 
+static int mtu_is_mru = 0;
+
 /* netgraph node hooks for ng_ether(4) */
 void   (*ng_ether_input_p)(struct ifnet *ifp, struct mbuf **mp);
 void   (*ng_ether_input_orphan_p)(struct ifnet *ifp, struct mbuf *m);
@@ -536,16 +559,18 @@
        }
        eh = mtod(m, struct ether_header *);
        etype = ntohs(eh->ether_type);
-       if (m->m_pkthdr.len >
-           ETHER_MAX_FRAME(ifp, etype, m->m_flags & M_HASFCS)) {
-               if_printf(ifp, "discard oversize frame "
-                               "(ether type %x flags %x len %u > max %lu)\n",
-                               etype, m->m_flags, m->m_pkthdr.len,
-                               ETHER_MAX_FRAME(ifp, etype,
-                                               m->m_flags & M_HASFCS));
-               ifp->if_ierrors++;
-               m_freem(m);
-               return;
+       if (mtu_is_mru) {
+               if (m->m_pkthdr.len >
+                   ETHER_MAX_FRAME(ifp, etype, m->m_flags & M_HASFCS)) {
+                       if_printf(ifp, "discard oversize frame "
+                                       "(ether type %x flags %x len %u > max %lu)\n",
+                                       etype, m->m_flags, m->m_pkthdr.len,
+                                       ETHER_MAX_FRAME(ifp, etype,
+                                                       m->m_flags & M_HASFCS));
+                       ifp->if_ierrors++;
+                       m_freem(m);
+                       return;
+               }
        }
        if (m->m_pkthdr.rcvif == NULL) {
                if_printf(ifp, "discard frame w/o interface pointer\n");
@@ -931,9 +982,11 @@
 
 SYSCTL_DECL(_net_link);
 SYSCTL_NODE(_net_link, IFT_ETHER, ether, CTLFLAG_RW, 0, "Ethernet");
+SYSCTL_INT(_net_link_ether, OID_AUTO, MTUisMRU, CTLFLAG_RW,
+           &mtu_is_mru,0,"Allow MTU to limit recieved packet size");
 #if defined(INET) || defined(INET6)
 SYSCTL_INT(_net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW,
            &ether_ipfw,0,"Pass ether pkts through firewall");
 #endif
 
 #if 0





possibly wrapped in #ifdef MTUISMRU
so people could avoid the extra overhead.