Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 9 May 2006 11:53:24 +1200
From:      Andrew Thompson <thompsa@freebsd.org>
To:        Pyun YongHyeon <pyunyh@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: broken ip checksum after frag reassemble of nfs READDIR?
Message-ID:  <20060508235324.GD16485@heff.fud.org.nz>
In-Reply-To: <20060508233357.GA6572@cdnetworks.co.kr>
References:  <20060402054532.GF17711@egr.msu.edu> <20060404145704.GW2684@insomnia.benzedrine.cx> <20060404153443.GX2684@insomnia.benzedrine.cx> <200604051441.16865.max@love2party.net> <20060405130645.GB5683@insomnia.benzedrine.cx> <20060416053023.GD56603@heff.fud.org.nz> <20060508154929.GS30200@egr.msu.edu> <20060508233357.GA6572@cdnetworks.co.kr>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, May 09, 2006 at 08:33:57AM +0900, Pyun YongHyeon wrote:
> On Mon, May 08, 2006 at 11:49:30AM -0400, Adam McDougall wrote:
>  > On Sun, Apr 16, 2006 at 05:30:23PM +1200, Andrew Thompson wrote:
>  > 
>  >   On Wed, Apr 05, 2006 at 03:06:45PM +0200, Daniel Hartmeier wrote:
>  >   > On Wed, Apr 05, 2006 at 02:41:09PM +0200, Max Laier wrote:
>  >   > 
>  >   > > The other big problem that just crossed my mind:  Reassembly in the bridge 
>  >   > > path!?  It doesn't look like the current bridge code on either OS is ready to 
>  >   > > deal with packets > MTU coming out of the filter.  The question here is 
>  >   > > probably how much IP processing we want to do in the bridge code?
>  >   > 
>  >   > OpenBSD's bridge does, see bridge_fragment(). IIRC, we slightly adjusted
>  >   > ip_fragment() so it could be called from there, and not too much code
>  >   > had to be duplicated.
>  >   > 
>  >   
>  >   Here is a patch that adds fragmenting, largely based on whats in
>  >   OpenBSD. I didnt bring over bridge_send_icmp_err() as we can only get a
>  >   large packet to fragment by reassembling a previous fragment, checking
>  >   for DF and sending an icmp doesnt apply to us.
>  >   
> 
> As You can get jumbo frames(which is common feature for modern GigE)
> you should be prepared to fragment the frame. Because you may
> get the first ethernet member's MTU for bridge(4) there is still
> chance to get other sized MTU which could be larger than the first
> ethernet member's MTU. Personally I beleive OpenBSD's
> bridge_send_icmp_err() or equivalent is needed for FreeBSD too.

The bridge will take the MTU of the first interface but it also enforces
subsequent interfaces to have the same value. Im not keen to allow
bridging of different MTU sizes like OpenBSD allows and it only works
for IP traffic anyway. A bridge is layer2, not layer3.

  /* Allow the first Ethernet member to define the MTU */
  if (ifs->if_type != IFT_GIF) {
  	if (LIST_EMPTY(&sc->sc_iflist))
  		sc->sc_ifp->if_mtu = ifs->if_mtu;
  	else if (sc->sc_ifp->if_mtu != ifs->if_mtu) {
  		if_printf(sc->sc_ifp, "invalid MTU for %s\n",
  		    ifs->if_xname);
  		return (EINVAL);
  	}
  }


cheers,
Andrew



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060508235324.GD16485>