Maxime Bizon <mbi...@freebox.fr> wrote:
> On Fri, 2015-05-22 at 21:26 +0200, Florian Westphal wrote:
> > But it does happen, see e.g. following bug report:
> > http://marc.info/?l=linux-netdev&m=139870308431986&w=2
> > 
> > Maxime, do you recall what type of traffic generates
> > the DF-fragments you reported?
> 
> Yep
> 
> We are an ISP and provide our own home gateway to the subscribers, which
> ends up routing traffic of a large range of end user devices.
> 
> In that case, the frag+DF traffic was seen in an exchange between a
> femtocell and a femto GW during the IPsec IKE exchange, more precisely
> on the IKE_AUTH message sent from the femto GW.

Thanks, so it seems it's used to push udp frag/defrag operation to end
hosts.

> You can contact me privately if you need more details.

It's enough for me to know that this isn't a random fluke, thanks.

Dave, if you disagree, one possibility would be to strip DF bit on
defrag/refrag when forwarding.

However, I think that we should respect end host "wish", i.e. reject too
big df fragment and also re-set DF on refrag so we don't conceal lower
mtu in the network.

Thanks,
Florian