cloudflare / pmtud
Path MTU daemon - broadcast lost ICMP packets on ECMP networks
License: BSD 3-Clause "New" or "Revised" License
Just a quick issue I noticed while browsing the code. This would easily go undetected, because it appears that nflog_bind_pf() ignores the second parameter and always binds for both AF_INET and AF_INET6. Thus "nflog_bind_pf(n->h, AF_INET6)" a few lines further hides the bug.
--- src/nflog.c.orig 2016-01-07 12:53:09.000000000 -0600
+++ src/nflog.c 2016-01-07 12:53:39.933119500 -0600
@@ -81,7 +81,7 @@
PFATAL("nflog_unbind_pf(AF_INET6)");
}
- r = nflog_unbind_pf(n->h, AF_INET);
+ r = nflog_bind_pf(n->h, AF_INET);
if (r < 0) {
PFATAL("nflog_bind_pf(AF_INET)");
}
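Review bot: At the changed line, check that an nflog_unbind_pf(n->h, AF_INET) call still runs before this bind. The leading context shows only the AF_INET6 unbind, so if the replaced line was also serving as the only AF_INET unbind, this change removes it and a second line is needed rather than a one-word swap. The new call itself agrees with the PFATAL("nflog_bind_pf(AF_INET)") message that follows it, which the old call did not. Because the description says the family argument currently appears to be ignored by nflog_bind_pf(), a short comment stating that both families are bound explicitly, and not relying on that behaviour, would keep a later cleanup from reintroducing the gap.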
I see at least 2 fixes which might be useful to get out into a tagged release
We were considering running pmtud, but needed to expand it to cover L3
use cases. During this work I discovered that handle_packet wasn't called
for every received packet. This appears to be the case for v0.6.
I suspected this was related to the interaction between the nonblocking
pcap interface and uevent system. So I tried to run the main loop as
pcap_loop instead which resulted in all packets being handled (and
ratelimited).
My test setup comprises a workstation (client) with curl, a router (r1)
running Debian, a subnet br1 with two Busybox nodes (n1, n2), and a
subnet br2 with two more Busybox nodes (n3, n4). The link from r1 to
client is restricted to mtu 600. See also pmtud-test-setup.svg.
For this case a service address is routed to n2, unless it is tcp in
which case it is routed to n1 using fwmarks. The client retrieves a PNG
file from the service address, which triggers unreachable from r1 to n2.
The http transfer was successful, but tcpdump from n2 shows 5
received icmp-unreach while only one line of "10.0.4.1 transmitting
mtu=600 sport=-1". See case1-tcpdumps.txt.
When I modified the source to use pcap_loop all packets are handled
(in case2 it is 5 of them: 2 forwarded and 3 rate limited). See
case2-tcpdumps.txt.