    net: Use fwmark reflection in PMTU discovery. · 1b3c61dc
    Lorenzo Colitti authored
    Currently, routing lookups used for Path PMTU Discovery in
    absence of a socket or on unmarked sockets use a mark of 0.
    This causes PMTUD not to work when using routing based on
    netfilter fwmark mangling and fwmark ip rules, such as:
    
      iptables -j MARK --set-mark 17
      ip rule add fwmark 17 lookup 100
    
    This patch causes these route lookups to use the fwmark from the
    received ICMP error when the fwmark_reflect sysctl is enabled.
    This allows the administrator to make PMTUD work by configuring
    appropriate fwmark rules to mark the inbound ICMP packets.
    
    Black-box tested using user-mode linux by pointing different
    fwmarks at routing tables egressing on different interfaces, and
    using iptables mangling to mark packets inbound on each interface
    with the interface's fwmark. ICMPv4 and ICMPv6 PMTU discovery
    work as expected when mark reflection is enabled and fail when
    it is disabled.
    Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
route.c 66.1 KB
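
Added example, not part of this commit or of the kernel tree: a dry-run shell script that generates the setup the commit message describes (inbound marking per interface, matching fwmark ip rules, and the fwmark_reflect sysctls for IPv4 and IPv6). The interface names, the second mark and table (18, 101), the PREROUTING placement and the helper names are assumptions, and the routing tables are assumed to be populated already.

```shell
#!/bin/sh
# Added example: policy-routing setup that lets fwmark reflection fix PMTUD.
# Constructed topology (assumption): "iface:mark:table" triples; tables 100
# and 101 are assumed to already hold routes egressing on eth0 and eth1.
LINKS="${LINKS:-eth0:17:100 eth1:18:101}"

# Print each command; execute it only when APPLY=1 (requires root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Succeeds only for a non-empty decimal string.
is_number() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

pmtud_setup() {
    for link in $LINKS; do
        iface=${link%%:*}; rest=${link#*:}
        mark=${rest%%:*}; table=${rest#*:}
        if ! is_number "$mark" || ! is_number "$table"; then
            echo "bad link spec: $link (want iface:mark:table)" >&2
            return 1
        fi
        # Mark everything arriving on the interface, ICMP errors included,
        # so an inbound "fragmentation needed" / "packet too big" carries
        # the mark of the link it came in on.
        run iptables  -t mangle -A PREROUTING -i "$iface" -j MARK --set-mark "$mark"
        run ip6tables -t mangle -A PREROUTING -i "$iface" -j MARK --set-mark "$mark"
        # Send marked traffic to the routing table for that link.
        run ip rule add fwmark "$mark" lookup "$table"
        run ip -6 rule add fwmark "$mark" lookup "$table"
    done
    # With reflection enabled, the PMTU route lookup uses the mark of the
    # received ICMP error instead of 0, so it resolves in the same table.
    run sysctl -w net.ipv4.fwmark_reflect=1
    run sysctl -w net.ipv6.fwmark_reflect=1
}

pmtud_setup
```

By default the script only prints the commands; run it as root with APPLY=1 to apply them.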