All of lore.kernel.org
 help / color / mirror / Atom feed
From: Wolfgang Walter <linux@stwm.de>
To: netdev@vger.kernel.org,
	Hannes Frederic Sowa <hannes@stressinduktion.org>
Subject: Re: linux 3.13: problems with isatap tunnel device and UFO
Date: Sun, 09 Feb 2014 00:17:15 +0100	[thread overview]
Message-ID: <1581659.JtJ1UQaXJr@h2o.as.studentenwerk.mhn.de> (raw)
In-Reply-To: <20140207222227.GC16198@order.stressinduktion.org>

Am Freitag, 7. Februar 2014, 23:22:27 schrieb Hannes Frederic Sowa:
> Hi!
> 
> On Fri, Feb 07, 2014 at 07:17:40PM +0100, Wolfgang Walter wrote:
> > Am Freitag, 7. Februar 2014, 18:56:41 schrieb Hannes Frederic Sowa:
> > > Hi!
> > > 
> > > On Fri, Feb 07, 2014 at 06:47:07PM +0100, Wolfgang Walter wrote:
> > > > with kernel 3.13 I have a problem with isatap tunnels receiving
> > > > fragmented
> > > > ipv6 udp packets.
> > > 
> > > Which was the last known version that did work?
> > 
> > I think 3.12 had no problems, but I'm not sure. I test this tonight.

3.12 is indeed fine. But this is probably because of:

ethtool -k is0
....
udp-fragmentation-offload: off [fixed]
....


> 
> Could you give me a bit more details on your setup, please?
> 
> I just tested a setup with UFO packets in sit tunnels and it worked
> properly for me (on net).
> 

host A (which shows the problem with kernel 3.13):

$ ip addr ls eth0
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP 
group default qlen 1000
    link/ether 11:22:33:44:55:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2001:1111:2222:aaaa:0:5efe:c0a8:101/120 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::1322:33ff:fe44:5566/64 scope link 
       valid_lft forever preferred_lft forever

$ ip addr ls is0
14: is0: <NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN group 
default 
    link/sit 192.168.1.1 brd 0.0.0.0
    inet6 2001:1111:2222:aaaa:0:5efe:c0a8:101/64 scope global dynamic 
       valid_lft 85977sec preferred_lft 13977sec
    inet6 fe80::5efe:c0a8:101/64 scope link 
       valid_lft forever preferred_lft forever



The other host B is in the same isatap-subnet (but a different ipv4-subnet):

$ ip addr ls eth0
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP 
group default qlen 1000
    link/ether 11:22:33:44:55:ee brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.1/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::1322:33ff:fe44:55ee/64 scope link 
       valid_lft forever preferred_lft forever


$ ip addr ls is0
10: is0: <NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN group 
default 
    link/sit 192.168.10.1 brd 0.0.0.0
    inet6 2001:1111:2222:aaaa:0:5efe:c0a8:a01/64 scope global dynamic 
       valid_lft 85977sec preferred_lft 13977sec
    inet6 fe80::5efe:c0a8:a01/64 scope link 
       valid_lft forever preferred_lft forever


The application I see this is strongswan (ikev2). When it establishes an 
connection it sends udp-packets to large for is0 (here 1316 data-bytes, 
strongswan says).

For the tests I unloaded the netfilter modules so there should be no 
interference with the firewall or conntrack etc.

Regards,
-- 
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts

  reply	other threads:[~2014-02-08 23:17 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-02-07 17:47 linux 3.13: problems with isatap tunnel device and UFO Wolfgang Walter
2014-02-07 17:56 ` Hannes Frederic Sowa
2014-02-07 18:17   ` Wolfgang Walter
2014-02-07 22:22     ` Hannes Frederic Sowa
2014-02-08 23:17       ` Wolfgang Walter [this message]
2014-02-11  2:44         ` Hannes Frederic Sowa
2014-02-11 17:42           ` Wolfgang Walter
2014-02-17 16:09             ` Hannes Frederic Sowa
2014-02-20  2:44               ` Hannes Frederic Sowa
2014-02-20  2:54                 ` Hannes Frederic Sowa
2014-02-21  0:43                 ` Cong Wang
2014-02-21  1:19                   ` Hannes Frederic Sowa
2014-02-23 21:05                     ` [PATCH net] ipv4: ipv6: better estimate tunnel header cut for correct ufo handling Hannes Frederic Sowa
2014-02-23 21:24                       ` [PATCH net v2] " Hannes Frederic Sowa
2014-02-23 23:48                         ` [PATCH net v3] " Hannes Frederic Sowa
2014-02-25 23:27                           ` David Miller
2014-02-26 13:47                             ` Hannes Frederic Sowa
2014-02-26 18:45                               ` David Miller
2014-03-07 14:13                           ` Wolfgang Walter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1581659.JtJ1UQaXJr@h2o.as.studentenwerk.mhn.de \
    --to=linux@stwm.de \
    --cc=hannes@stressinduktion.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.