All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH net] vti6: remove !skb->ignore_df check from vti6_xmit()
@ 2018-08-23 16:49 Alexey Kodanev
  2018-08-29  8:39 ` Steffen Klassert
  2018-08-30  0:52 ` David Miller
  0 siblings, 2 replies; 3+ messages in thread
From: Alexey Kodanev @ 2018-08-23 16:49 UTC (permalink / raw)
  To: netdev; +Cc: Steffen Klassert, David Miller, Alexey Kodanev

Before the commit d6990976af7c ("vti6: fix PMTU caching and reporting
on xmit") '!skb->ignore_df' check was always true because the function
skb_scrub_packet() was called before it, resetting ignore_df to zero.

In the commit, skb_scrub_packet() was moved below, and now this check
can be false for the packet, e.g. when sending it in the two fragments,
this prevents successful PMTU updates in such case. The next attempts
to send the packet lead to the same tx error. Moreover, vti6 initial
MTU value relies on PMTU adjustments.

This issue can be reproduced with the following LTP test script:
    udp_ipsec_vti.sh -6 -p ah -m tunnel -s 2000

Fixes: ccd740cbc6e0 ("vti6: Add pmtu handling to vti6_xmit.")
Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
---
Not sure about xfrmi_xmit2(), it has a similar check for ignore_df...

 net/ipv6/ip6_vti.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 38dec9d..f48d196 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -481,7 +481,7 @@ static bool vti6_state_check(const struct xfrm_state *x,
 	}
 
 	mtu = dst_mtu(dst);
-	if (!skb->ignore_df && skb->len > mtu) {
+	if (skb->len > mtu) {
 		skb_dst_update_pmtu(skb, mtu);
 
 		if (skb->protocol == htons(ETH_P_IPV6)) {
-- 
1.8.3.1

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH net] vti6: remove !skb->ignore_df check from vti6_xmit()
  2018-08-23 16:49 [PATCH net] vti6: remove !skb->ignore_df check from vti6_xmit() Alexey Kodanev
@ 2018-08-29  8:39 ` Steffen Klassert
  2018-08-30  0:52 ` David Miller
  1 sibling, 0 replies; 3+ messages in thread
From: Steffen Klassert @ 2018-08-29  8:39 UTC (permalink / raw)
  To: Alexey Kodanev; +Cc: netdev, David Miller

On Thu, Aug 23, 2018 at 07:49:54PM +0300, Alexey Kodanev wrote:
> Before the commit d6990976af7c ("vti6: fix PMTU caching and reporting
> on xmit") '!skb->ignore_df' check was always true because the function
> skb_scrub_packet() was called before it, resetting ignore_df to zero.
> 
> In the commit, skb_scrub_packet() was moved below, and now this check
> can be false for the packet, e.g. when sending it in the two fragments,
> this prevents successful PMTU updates in such case. The next attempts
> to send the packet lead to the same tx error. Moreover, vti6 initial
> MTU value relies on PMTU adjustments.
> 
> This issue can be reproduced with the following LTP test script:
>     udp_ipsec_vti.sh -6 -p ah -m tunnel -s 2000
> 
> Fixes: ccd740cbc6e0 ("vti6: Add pmtu handling to vti6_xmit.")
> Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
> ---
> Not sure about xfrmi_xmit2(), it has a similar check for ignore_df...
> 
>  net/ipv6/ip6_vti.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
> index 38dec9d..f48d196 100644
> --- a/net/ipv6/ip6_vti.c
> +++ b/net/ipv6/ip6_vti.c
> @@ -481,7 +481,7 @@ static bool vti6_state_check(const struct xfrm_state *x,
>  	}
>  
>  	mtu = dst_mtu(dst);
> -	if (!skb->ignore_df && skb->len > mtu) {
> +	if (skb->len > mtu) {
>  		skb_dst_update_pmtu(skb, mtu);

This looks OK to me. If I remember correct, the !skb->ignore_df
check was taken from the native xfrm6 PMTU handling. There this 
check makes sense because the packet can be still fragmented
along the way through the stack. In this case here it is too late
as we are about to TX the packet through the vti device. So
we should update to the new IPsec PMTU and notify the sender
about this.

Acked-by: Steffen Klassert <steffen.klassert@secunet.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH net] vti6: remove !skb->ignore_df check from vti6_xmit()
  2018-08-23 16:49 [PATCH net] vti6: remove !skb->ignore_df check from vti6_xmit() Alexey Kodanev
  2018-08-29  8:39 ` Steffen Klassert
@ 2018-08-30  0:52 ` David Miller
  1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2018-08-30  0:52 UTC (permalink / raw)
  To: alexey.kodanev; +Cc: netdev, steffen.klassert

From: Alexey Kodanev <alexey.kodanev@oracle.com>
Date: Thu, 23 Aug 2018 19:49:54 +0300

> Before the commit d6990976af7c ("vti6: fix PMTU caching and reporting
> on xmit") '!skb->ignore_df' check was always true because the function
> skb_scrub_packet() was called before it, resetting ignore_df to zero.
> 
> In the commit, skb_scrub_packet() was moved below, and now this check
> can be false for the packet, e.g. when sending it in the two fragments,
> this prevents successful PMTU updates in such case. The next attempts
> to send the packet lead to the same tx error. Moreover, vti6 initial
> MTU value relies on PMTU adjustments.
> 
> This issue can be reproduced with the following LTP test script:
>     udp_ipsec_vti.sh -6 -p ah -m tunnel -s 2000
> 
> Fixes: ccd740cbc6e0 ("vti6: Add pmtu handling to vti6_xmit.")
> Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>

Applied and queued up for -stable, thank you.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-08-30  4:51 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-23 16:49 [PATCH net] vti6: remove !skb->ignore_df check from vti6_xmit() Alexey Kodanev
2018-08-29  8:39 ` Steffen Klassert
2018-08-30  0:52 ` David Miller

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.