Jiri Olsa wrote: > On Thu, Jun 10, 2010 at 11:14:04AM +0200, Patrick McHardy wrote: > >> Jiri Olsa wrote: >> >>> On Wed, Jun 09, 2010 at 04:16:42PM +0200, Patrick McHardy wrote: >>> >>> >>>>> If this is not the way, I'd appreciatte any hint.. my goal is >>>>> to put malformed packet on the wire (more frags bit set for a >>>>> non fragmented packet) >>>>> >>>>> >>>> I don't have any good suggestions besides adding a flag to the IPCB >>>> and skipping defragmentation based on that. >>>> >>>> >>> ok, >>> >>> I can see a way when I set this via setsockopt to the socket, >>> and check the value before the defragmentation.. would such a new >>> setsock option be acceptable? >>> >>> I'm not sure I can see a way via IPCB, AFAICS it's for skb bound flags >>> which arise during the skb processing. >>> >>> >> Yes, a socket option is basically what I was suggesting, using the >> IPCB to mark the packet. But just marking the socket is fine of >> course. >> >> >> > > one last thought before the socket option.. :) > > there's IP_HDRINCL option which is enabled for RAW sockets > (can be disabled later by setsockopt) > > The 'man 7 ip' says: > "the user supplies an IP header in front of the user data" > > but does not mention the outgoing defragmentation. > > It kind of looks to me more appropriate to preserve the user suplied > IP header.. moreover if there's a way to switch this off and have > netfilter defragmentation + connection tracking for RAW socket. > > please check the following patch.. > (there's no special need for the IPSKB_NODEFRAG, it could check the > socket->hdrincl flag directly..) > > thoughts? My main concern is that users might expect netfilter to properly track fragmented packets created using IP_HDRINCL. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
