From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Christian Perle <christian.perle@secunet.com>,
Florian Westphal <fw@strlen.de>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Jakub Kicinski <kuba@kernel.org>
Subject: [PATCH 5.4 13/62] net: ip: always refragment ip defragmented packets
Date: Fri, 15 Jan 2021 13:27:35 +0100 [thread overview]
Message-ID: <20210115121959.044430145@linuxfoundation.org> (raw)
In-Reply-To: <20210115121958.391610178@linuxfoundation.org>
From: Florian Westphal <fw@strlen.de>
[ Upstream commit bb4cc1a18856a73f0ff5137df0c2a31f4c50f6cf ]
Conntrack reassembly records the largest fragment size seen in IPCB.
However, when this gets forwarded/transmitted, fragmentation will only
be forced if one of the fragmented packets had the DF bit set.
In that case, a flag in IPCB will force fragmentation even if the
MTU is large enough.
This should work fine, but this breaks with ip tunnels.
Consider client that sends a UDP datagram of size X to another host.
The client fragments the datagram, so two packets, of size y and z, are
sent. DF bit is not set on any of these packets.
Middlebox netfilter reassembles those packets back to single size-X
packet, before routing decision.
packet-size-vs-mtu checks in ip_forward are irrelevant, because DF bit
isn't set. At output time, ip refragmentation is skipped as well
because x is still smaller than the mtu of the output device.
If ttransmit device is an ip tunnel, the packet size increases to
x+overhead.
Also, tunnel might be configured to force DF bit on outer header.
In this case, packet will be dropped (exceeds MTU) and an ICMP error is
generated back to sender.
But sender already respects the announced MTU, all the packets that
it sent did fit the announced mtu.
Force refragmentation as per original sizes unconditionally so ip tunnel
will encapsulate the fragments instead.
The only other solution I see is to place ip refragmentation in
the ip_tunnel code to handle this case.
Fixes: d6b915e29f4ad ("ip_fragment: don't forward defragmented DF packet")
Reported-by: Christian Perle <christian.perle@secunet.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/ip_output.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -303,7 +303,7 @@ static int __ip_finish_output(struct net
if (skb_is_gso(skb))
return ip_finish_output_gso(net, sk, skb, mtu);
- if (skb->len > mtu || (IPCB(skb)->flags & IPSKB_FRAG_PMTU))
+ if (skb->len > mtu || IPCB(skb)->frag_max_size)
return ip_fragment(net, sk, skb, mtu, ip_finish_output2);
return ip_finish_output2(net, sk, skb);
next prev parent reply other threads:[~2021-01-15 12:56 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-15 12:27 [PATCH 5.4 00/62] 5.4.90-rc1 review Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 01/62] x86/asm/32: Add ENDs to some functions and relabel with SYM_CODE_* Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 02/62] vfio iommu: Add dma available capability Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 03/62] net: cdc_ncm: correct overhead in delayed_ndp_size Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 04/62] net: hns3: fix the number of queues actually used by ARQ Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 05/62] net: hns3: fix a phy loopback fail issue Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 06/62] net: stmmac: dwmac-sun8i: Balance internal PHY resource references Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 07/62] net: stmmac: dwmac-sun8i: Balance internal PHY power Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 08/62] net: vlan: avoid leaks on register_vlan_dev() failures Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 09/62] net/sonic: Fix some resource leaks in error handling paths Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 10/62] net: ipv6: fib: flush exceptions when purging route Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 11/62] tools: selftests: add test for changing routes with PTMU exceptions Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 12/62] net: fix pmtu check in nopmtudisc mode Greg Kroah-Hartman
2021-01-15 12:27 ` Greg Kroah-Hartman [this message]
2021-01-15 12:27 ` [PATCH 5.4 14/62] octeontx2-af: fix memory leak of lmac and lmac->name Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 15/62] nexthop: Fix off-by-one error in error path Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 16/62] nexthop: Unlink nexthop group entry " Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 17/62] s390/qeth: fix L2 header access in qeth_l3_osa_features_check() Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 18/62] net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 19/62] net/mlx5: Use port_num 1 instead of 0 when delete a RoCE address Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 20/62] net/mlx5e: ethtool, Fix restriction of autoneg with 56G Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 21/62] chtls: Fix hardware tid leak Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 22/62] chtls: Remove invalid set_tcb call Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 23/62] chtls: Fix panic when route to peer not configured Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 24/62] chtls: Replace skb_dequeue with skb_peek Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 25/62] chtls: Added a check to avoid NULL pointer dereference Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 26/62] chtls: Fix chtls resources release sequence Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 27/62] x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 28/62] x86/resctrl: Dont move a task to the same resource group Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 29/62] exfat: Month timestamp metadata accidentally incremented Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 30/62] vmlinux.lds.h: Add PGO and AutoFDO input sections Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 31/62] iio: imu: st_lsm6dsx: fix edge-trigger interrupts Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 32/62] HID: wacom: Fix memory leakage caused by kfifo_alloc Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 33/62] ARM: OMAP2+: omap_device: fix idling of devices during probe Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 34/62] i2c: sprd: use a specific timeout to avoid system hang up issue Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 35/62] dmaengine: dw-edma: Fix use after free in dw_edma_alloc_chunk() Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 36/62] can: tcan4x5x: fix bittiming const, use common bittiming from m_can driver Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 5.4 37/62] can: m_can: m_can_class_unregister(): remove erroneous m_can_clk_stop() Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 38/62] can: kvaser_pciefd: select CONFIG_CRC32 Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 39/62] cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get() Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 40/62] spi: spi-geni-qcom: Fix geni_spi_isr() NULL dereference in timeout case Greg Kroah-Hartman
2021-01-16 18:48 ` Nathan Chancellor
2021-01-17 12:54 ` Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 41/62] spi: stm32: FIFO threshold level - fix align packet size Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 42/62] i2c: i801: Fix the i2c-mux gpiod_lookup_table not being properly terminated Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 43/62] dmaengine: mediatek: mtk-hsdma: Fix a resource leak in the error handling path of the probe function Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 44/62] dmaengine: xilinx_dma: check dma_async_device_register return value Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 45/62] dmaengine: xilinx_dma: fix incompatible param warning in _child_probe() Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 46/62] dmaengine: xilinx_dma: fix mixed_enum_type coverity warning Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 47/62] qed: select CONFIG_CRC32 Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 48/62] wil6210: " Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 49/62] block: rsxx: " Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 50/62] lightnvm: " Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 51/62] iommu/intel: Fix memleak in intel_irq_remapping_alloc Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 52/62] bpftool: Fix compilation failure for net.o with older glibc Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 53/62] net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 54/62] net/mlx5e: Fix two double free cases Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 55/62] regmap: debugfs: Fix a memory leak when calling regmap_attach_dev Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 56/62] wan: ds26522: select CONFIG_BITREVERSE Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 57/62] regulator: qcom-rpmh-regulator: correct hfsmps515 definition Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 58/62] net: mvpp2: disable force link UP during port init procedure Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 59/62] KVM: arm64: Dont access PMCR_EL0 when no PMU is available Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 60/62] block: fix use-after-free in disk_part_iter_next Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 61/62] net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 5.4 62/62] regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init() Greg Kroah-Hartman
2021-01-15 16:19 ` [PATCH 5.4 00/62] 5.4.90-rc1 review Jon Hunter
2021-01-15 21:13 ` Shuah Khan
2021-01-15 21:19 ` Guenter Roeck
2021-01-16 4:17 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210115121959.044430145@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=christian.perle@secunet.com \
--cc=fw@strlen.de \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.