clatd: update a comment about ipv6 frag handling

Test: N/A, comment only Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: Id41148e01f5ea8e924bd7bdd09216178081a44c5

clatd: update a comment about ipv6 frag handling
bdcb8968 · Maciej Żenczykowski · f4ea712c · bdcb8968
Commit bdcb8968 authored 2 years ago by Maciej Żenczykowski
--- a/bpf_progs/clatd.c
+++ b/bpf_progs/clatd.c
@@ -91,6 +91,12 @@ static inline __always_inline int nat64(struct __sk_buff* skb,
    if (ip6->version != 6) return TC_ACT_PIPE;

    // Maximum IPv6 payload length that can be translated to IPv4
+    // Note: technically this check is too strict for an IPv6 fragment,
+    // which by virtue of stripping the extra 8 byte fragment extension header,
+    // could thus be 8 bytes larger and still fit in an ipv4 packet post
+    // translation.  However... who ever heard of receiving ~64KB frags...
+    // fragments are kind of by definition smaller than ingress device mtu,
+    // and thus, on the internet, very very unlikely to exceed 1500 bytes.
    if (ntohs(ip6->payload_len) > 0xFFFF - sizeof(struct iphdr)) return TC_ACT_PIPE;

    ClatIngress6Key k = {