> On 17 Sep 2020, at 00:16, Jeremy Harris <[email protected]> wrote:
>
> On 16/09/2020 09:11, Mark Andrews wrote:
>> There are a number of issues.
>
>> Stupid firewalls that block PTB messages. Solution, fragment at network MTU.
>
> Let me rephrase that for you: "Solution, fragment at network MTU (a
> value that you cannot efficiently discover)."

I meant what I said and your immature reply is not appreciated.

Well for IPv6 you do know that number (1280) and there are even setsockopt
values that you can use to do that. You can even do this on a per packet
basis using sendmsg().

static void
use_min_mtu(isc__socket_t *sock) {
#if !defined(IPV6_USE_MIN_MTU) && !defined(IPV6_MTU)
	UNUSED(sock);
#endif /* if !defined(IPV6_USE_MIN_MTU) && !defined(IPV6_MTU) */
#ifdef IPV6_USE_MIN_MTU
	/* use minimum MTU */
	if (sock->pf == AF_INET6) {
		int on = 1;
		(void)setsockopt(sock->fd, IPPROTO_IPV6, IPV6_USE_MIN_MTU,
				 (void *)&on, sizeof(on));
	}
#endif /* ifdef IPV6_USE_MIN_MTU */
#if defined(IPV6_MTU)
	/*
	 * Use minimum MTU on IPv6 sockets.
	 */
	if (sock->pf == AF_INET6) {
		int mtu = 1280;
		(void)setsockopt(sock->fd, IPPROTO_IPV6, IPV6_MTU, &mtu,
				 sizeof(mtu));
	}
#endif /* if defined(IPV6_MTU) */
}

For IPv4 you just ensure that the do not fragment bit is turned off in the
IPv4 header and avoid PMTUD problems that way.

> --
> Cheers,
> Jeremy
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
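
The IPv4 half of the advice above is given in prose only. As an added example (not code from the message or from BIND), this clears DF on a UDP socket and reads the setting back to confirm it took effect. The function names `clear_df` and `df_is_clear` are hypothetical, and the code assumes either Linux's `IP_MTU_DISCOVER`/`IP_PMTUDISC_DONT` or a BSD-style `IP_DONTFRAG` option is available.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: ask the kernel to send IPv4 datagrams on fd with DF
 * clear, so routers can fragment them and no ICMP PTB has to get through.
 * Returns 0 on success, -1 on error or when no known option exists. */
int clear_df(int fd) {
#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
	int action = IP_PMTUDISC_DONT; /* Linux: PMTUD off, DF never set */
	return setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &action, sizeof(action));
#elif defined(IP_DONTFRAG)
	int off = 0; /* BSD-style boolean DF option */
	return setsockopt(fd, IPPROTO_IP, IP_DONTFRAG, &off, sizeof(off));
#else
	(void)fd;
	errno = ENOPROTOOPT;
	return -1;
#endif
}

/* Read the setting back: 1 = DF will be clear, 0 = DF set, -1 = unknown. */
int df_is_clear(int fd) {
	int val = 0;
	socklen_t len = sizeof(val);
#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
	if (getsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &val, &len) != 0) return -1;
	return val == IP_PMTUDISC_DONT;
#elif defined(IP_DONTFRAG)
	if (getsockopt(fd, IPPROTO_IP, IP_DONTFRAG, &val, &len) != 0) return -1;
	return val == 0;
#else
	(void)fd; (void)val; (void)len;
	return -1;
#endif
}

int main(void) {
	int fd = socket(AF_INET, SOCK_DGRAM, 0);
	if (fd < 0) { perror("socket"); return 1; }
	printf("before: df_is_clear=%d\n", df_is_clear(fd));
	if (clear_df(fd) != 0) perror("clear_df");
	printf("after:  df_is_clear=%d\n", df_is_clear(fd));
	close(fd);
	return 0;
}
```

Ignoring the `setsockopt()` return value, as the IPv6 excerpt does with `(void)`, hides the case where the option is rejected; the read-back makes that failure visible at startup.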