ahill/nftables
1
0
Fork 0
mirror of https://git.netfilter.org/nftables synced 2026-01-26 10:34:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

doc: don't suggest to disable GSO

Browse Source 
The kernel can form aggregate packets whether or not GSO is enabled.
Disabling GSO is not a useful suggestion in this case.

Fixes: 05628cdd677d (doc: describe behaviour of {ip,ip6} length)
Signed-off-by: Florian Westphal <fw@strlen.de>
This commit is contained in:
Ronan Pigott 2024-10-06 09:36:03 -07:00 committed by Florian Westphal
parent 31007975cc
commit 35cd3e7cff
1 changed files with 12 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
doc/payload-expression.txt
View File

@ -134,13 +134,12 @@ Destination address |
ipv4_addr
|======================
Careful with matching on *ip length*: If GRO/GSO is enabled, then the Linux
kernel might aggregate several packets into one big packet that is larger than
MTU. Moreover, if GRO/GSO maximum size is larger than 65535 (see man ip-link(8),
specifically gro_ipv6_max_size and gso_ipv6_max_size), then *ip length* might
be 0 for such jumbo packets. *meta length* allows you to match on the packet
length including the IP header size. If you want to perform heuristics on the
*ip length* field, then disable GRO/GSO.
Careful with matching on *ip length*: The Linux kernel might aggregate several
packets into one big packet that is larger than MTU. Moreover, if GRO/GSO
maximum size is larger than 65535 (see man ip-link(8), specifically
gro_ipv4_max_size and gso_ipv4_max_size), then *ip length* might be 0 for such
jumbo packets. *meta length* allows you to match on the packet length including
the IP header size.
ICMP HEADER EXPRESSION
~~~~~~~~~~~~~~~~~~~~~~
@ -252,13 +251,12 @@ Destination address |
ipv6_addr
|=======================
Careful with matching on *ip6 length*: If GRO/GSO is enabled, then the Linux
kernel might aggregate several packets into one big packet that is larger than
MTU. Moreover, if GRO/GSO maximum size is larger than 65535 (see man ip-link(8),
specifically gro_ipv6_max_size and gso_ipv6_max_size), then *ip6 length* might
be 0 for such jumbo packets. *meta length* allows you to match on the packet
length including the IP header size. If you want to perform heuristics on the
*ip6 length* field, then disable GRO/GSO.
Careful with matching on *ip6 length*: The Linux kernel might aggregate several
packets into one big packet that is larger than MTU. Moreover, if GRO/GSO
maximum size is larger than 65535 (see man ip-link(8), specifically
gro_max_size and gso_max_size), then *ip6 length* might be 0 for such
jumbo packets. *meta length* allows you to match on the packet length including
the IPv6 header size.
.Using ip6 header expressions
-----------------------------