[PATCH nft] doc: describe behaviour of {ip,ip6} length

This field exposes internal kernel GRO/GSO packet aggregation
implementation details to userspace, provide a hint to the user to
understand better when matching on this field.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 doc/payload-expression.txt | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt
index 06538832ec52..d12a7df78b08 100644
--- a/doc/payload-expression.txt
+++ b/doc/payload-expression.txt
@@ -134,6 +134,14 @@ Destination address |
 ipv4_addr
 |======================
 
+Careful with matching on *ip length*: If GRO/GSO is enabled, then the kernel
+might aggregate several packets into one big packet that is larger than MTU.
+If GRO/GSO maximum size is larger than 65535 (see man ip-link(8), specifically
+gro_ipv6_max_size and gso_ipv6_max_size), then *ip length* might be 0 for such
+jumbo packets.  *meta length* allows you to match on the packet length
+including the IP header size.  If you want to perform heuristics on the
+*ip length* field, then disable GRO/GSO.
+
 ICMP HEADER EXPRESSION
 ~~~~~~~~~~~~~~~~~~~~~~
 [verse]
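Review bot: The added *ip length* paragraph sits in the IPv4 header section but points the reader at "gro_ipv6_max_size and gso_ipv6_max_size", which reads like a copy of the ip6 text. ip-link(8) also documents gro_ipv4_max_size and gso_ipv4_max_size, so this paragraph should name the IPv4 options, or the commit message should explain why the IPv6 ones govern the IPv4 case. A smaller point in the same paragraph: for IPv4 the header length field already counts the IP header, so "including the IP header size" does not distinguish *meta length* from *ip length* here; saying that *meta length* reflects the size of the aggregated packet would be clearer.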
@@ -244,6 +252,14 @@ Destination address |
 ipv6_addr
 |=======================
 
+Careful with matching on *ip6 length*: If GRO/GSO is enabled, then the kernel
+might aggregate several packets into one big packet that is larger than MTU.
+If GRO/GSO maximum size is larger than 65535 (see man ip-link(8), specifically
+gro_ipv6_max_size and gso_ipv6_max_size), then *ip6 length* might be 0 for such
+jumbo packets.  *meta length* allows you to match on the packet length
+including the IP header size.  If you want to perform heuristics on the
+*ip6 length* field, then disable GRO/GSO.
+
 .Using ip6 header expressions
 -----------------------------
 # matching if first extension header indicates a fragment
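Review bot: The closing sentence "If you want to perform heuristics on the *ip6 length* field, then disable GRO/GSO." tells the user what to do but not how or where. A short pointer to the relevant tooling (the interface offload settings, or the ip-link(8) size limits already cited two lines above) would make the advice usable, and it is worth stating that this is a per-interface setting. The paragraph also covers only the case above 65535, where the field might be 0; one sentence on aggregated packets below that limit, where the field describes the aggregate rather than the packets seen on the wire, would complete the picture for anyone writing length-based rules.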
-- 
2.30.2



