Re: [PATCH 8/9] netfilter: xtables: inclusion of xt_TEE

Jan Engelhardt wrote:
> On Tuesday 2010-03-23 13:04, Patrick McHardy wrote:
>>>>> Setting IP_DF on the cloned skb could possibly lead to a Packet Too
>>>>> Big being sent back to the original sender - which should probably be
>>>>> avoided too.
>>>> Indeed. This might also happen if the packet is passed through another
>>>> router of course.
>>> Right. So let's set IP_DF on the teed packet and let the sender
>>> reduce its packet size to accommodate for the (hidden) tee route :)
>>>
>>> Is it ok if the Packet Too Big notification is received by the
>>> original sender much later than an acknowledgement in reception to
>>> the packet?
>> I think it's the responsibility of the admin to make sure that
>> doesn't happen.
> 
> Is that so?

He's the one duplicating packets on purpose, so yes.

> 1. sending the clone through a tunnel - admin can't do much about MTU getting
> smaller here.

It either happens locally (before encapsulation) or for the
encapsulated packets, which isn't a problem.

> 2. the PTB may take longer to reach the source due to internet
> routing - nothing the admin can really influence either.

He should make sure any messages generated in response to duplicated
packets are not routed or dropped.