Fix LAN->WAN ping failure with over MTU size on outgoing interface

[angus19]

Require support of nf_defrag_ipv4 and nf_defrag_ipv6 kernel modules.

[ayourtch]

What is the reason this code is specific to ICMP ?

If I grok it right, the reassembly code is generic, so it could work for all of the protocols ? As is this patch adds a very different behavior for the icmp vs other protocols, which seems very confusing to me from user point of view..

[angus19]

Yes, you're right that the reassembly code is generic but here for ICMP just.

ICMP or ICMPv6 is a special case or we cannot translate them properly...

Incoming v6 fragmented TCP/UDP isn't an issue. Since existing code does thing right already.

To handle incoming v4 fragmented TCP/UDP well that is the work after. I am not expecting everything to be defragged in nat46. We may leverage existing code and rely on a hash table to retain sport and dport in the first fragment. So second and beyond fragment get a chance to be translated successfully. Fragment identifier is the key to accomplish hash.

[ayourtch]

Actually you are right, i forgot we deal with fragmented v6 already…. So yeah I would say incoming fragmented v4 is a corner case that we can discard for now. I would really like at some point to set up the CI for this thing, as without the tests it’s a bit worrying to make bigger changes :) anyway, thanks for the clarification, I will merge this one !