From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EA7CBC5517A for ; Tue, 27 Oct 2020 14:20:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BE1ED2072D for ; Tue, 27 Oct 2020 14:20:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1603808433; bh=kbOY2toJ/pvps4g8v5VPMd1SVHto7nSjTgf55VPuK3o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=U4RENdno/5KIRqT/cJLlYvfABA9QLl9lAUybNAA/4IlDtd09q1JR1TSvJXx82hejc 91YKdRQp4tc81lIMfWVhMrZP7vN4mjtRvZ27QSsqIuxYviFoNEAGzZj/RxM106tZFh nfzl2t3KH8YXFM39PU/M6Y6xU81ApV0gTxg/mjiI= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757711AbgJ0OTy (ORCPT ); Tue, 27 Oct 2020 10:19:54 -0400 Received: from mail.kernel.org ([198.145.29.99]:41100 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2900957AbgJ0ORv (ORCPT ); Tue, 27 Oct 2020 10:17:51 -0400 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9AAD3206FA; Tue, 27 Oct 2020 14:17:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1603808271; bh=kbOY2toJ/pvps4g8v5VPMd1SVHto7nSjTgf55VPuK3o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rIignq3Xdx2iwanTTA9Idiau2lpL9RLWRmQr7cp4/7vLwL/7OPBoLk1pzFtAbAvWs 2dCdQLa3dPYLuDXiOpQixxa1RoSouAFVMnu6GCR9vOCtbpKrYNmjWMZH7JYQ34wbPP upN6/EEGTJBzgbu5j+5gho7bLFlQBbf/kL+b2vUc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?Maciej=20=C5=BBenczykowski?= , Eric Dumazet , Willem de Bruijn , Lorenzo Colitti , "Sunmeet Gill (Sunny)" , Vinay Paradkar , Tyler Wear , David Ahern Subject: [PATCH 4.19 011/264] net/ipv4: always honour route mtu during forwarding Date: Tue, 27 Oct 2020 14:51:09 +0100 Message-Id: <20201027135431.191298926@linuxfoundation.org> X-Mailer: git-send-email 2.29.1 In-Reply-To: <20201027135430.632029009@linuxfoundation.org> References: <20201027135430.632029009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: "Maciej Żenczykowski" [ Upstream commit 02a1b175b0e92d9e0fa5df3957ade8d733ceb6a0 ] Documentation/networking/ip-sysctl.txt:46 says: ip_forward_use_pmtu - BOOLEAN By default we don't trust protocol path MTUs while forwarding because they could be easily forged and can lead to unwanted fragmentation by the router. You only need to enable this if you have user-space software which tries to discover path mtus by itself and depends on the kernel honoring this information. This is normally not the case. Default: 0 (disabled) Possible values: 0 - disabled 1 - enabled Which makes it pretty clear that setting it to 1 is a potential security/safety/DoS issue, and yet it is entirely reasonable to want forwarded traffic to honour explicitly administrator configured route mtus (instead of defaulting to device mtu). Indeed, I can't think of a single reason why you wouldn't want to. Since you configured a route mtu you probably know better... It is pretty common to have a higher device mtu to allow receiving large (jumbo) frames, while having some routes via that interface (potentially including the default route to the internet) specify a lower mtu. Note that ipv6 forwarding uses device mtu unless the route is locked (in which case it will use the route mtu). This approach is not usable for IPv4 where an 'mtu lock' on a route also has the side effect of disabling TCP path mtu discovery via disabling the IPv4 DF (don't frag) bit on all outgoing frames. I'm not aware of a way to lock a route from an IPv6 RA, so that also potentially seems wrong. Signed-off-by: Maciej Żenczykowski Cc: Eric Dumazet Cc: Willem de Bruijn Cc: Lorenzo Colitti Cc: Sunmeet Gill (Sunny) Cc: Vinay Paradkar Cc: Tyler Wear Cc: David Ahern Reviewed-by: Eric Dumazet Signed-off-by: Greg Kroah-Hartman --- include/net/ip.h | 6 ++++++ 1 file changed, 6 insertions(+) --- a/include/net/ip.h +++ b/include/net/ip.h @@ -399,12 +399,18 @@ static inline unsigned int ip_dst_mtu_ma bool forwarding) { struct net *net = dev_net(dst->dev); + unsigned int mtu; if (net->ipv4.sysctl_ip_fwd_use_pmtu || ip_mtu_locked(dst) || !forwarding) return dst_mtu(dst); + /* 'forwarding = true' case should always honour route mtu */ + mtu = dst_metric_raw(dst, RTAX_MTU); + if (mtu) + return mtu; + return min(READ_ONCE(dst->dev->mtu), IP_MAX_MTU); }