Generating 'Fragment Needed but DF was Set' ICMP & Dummynet
Alexander Motin
mav at alkar.net
Mon Feb 23 09:56:57 PST 2004
Max Laier wrote:
> On Monday 23 February 2004 17:25, Alexander Motin wrote:
>
>>Here are my patches for this problem for FreeBSD 4.8 and 5.2.
>>Review them please.
>
>
> Looks good, though you might want to make sure to update statistics
> (ipstat.ips_cantfrag++).
It is already incremented inside ip_output().
> And maybe lose the type and code vars - you
> don't really use them:
> - type = ICMP_UNREACH;
> - code = ICMP_UNREACH_HOST;
> - icmp_error(mcopy, type, code, 0, pkt->ifp);
> + icmp_error(mcopy, ICMP_UNREACH, ICMP_UNREACH_HOST,
> + 0, pkt->ifp);
Of course. As you wish. :)
> Also note that this patch will require some work after the MT_TAG remove
> http://people.freebsd.org/~mlaier/mt_tag_remove.diff as pkt is freed with
> the mbuf. I'll keep it in mind.
Yes, but this was only the sample to highlight the problem. :) There
also some part of code from ip_forward() about IPSEC MTU can be duplicated.
--
Alexander Motin mav at alkar.net
ISP "Alkar-Teleport"
More information about the freebsd-ipfw
mailing list