* [PATCH ipsec] xfrm: interface: fix ipv4 pmtu check to honor ip header df
@ 2021-02-19 17:21 Eyal Birger
2021-02-20 13:01 ` [PATCH ipsec,v2] " Eyal Birger
0 siblings, 1 reply; 6+ messages in thread
From: Eyal Birger @ 2021-02-19 17:21 UTC (permalink / raw)
To: steffen.klassert, herbert, davem, kuba; +Cc: netdev, sd, Eyal Birger
Frag needed should only be sent if the header enables DF.
This fix allows packets larger than MTU to pass the xfrm interface
and be fragmented after encapsulation, aligning behavior with
non-interface xfrm.
Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces")
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
---
net/xfrm/xfrm_interface.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c
index 697cdcfbb5e1..257b3c8b3995 100644
--- a/net/xfrm/xfrm_interface.c
+++ b/net/xfrm/xfrm_interface.c
@@ -304,13 +304,16 @@ xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
mtu = IPV6_MIN_MTU;
icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
- } else {
+ err = -EMSGSIZE;
+ goto tx_err_dst_release;
+ }
+
+ if (ip_hdr(skb)->frag_off & htons(IP_DF)) {
icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
htonl(mtu));
+ err = -EMSGSIZE;
+ goto tx_err_dst_release;
}
-
- dst_release(dst);
- return -EMSGSIZE;
}
xfrmi_scrub_packet(skb, !net_eq(xi->net, dev_net(dev)));
--
2.25.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH ipsec,v2] xfrm: interface: fix ipv4 pmtu check to honor ip header df
@ 2021-02-20 13:01 ` Eyal Birger
2021-02-23 15:12 ` Sabrina Dubroca
0 siblings, 1 reply; 6+ messages in thread
From: Eyal Birger @ 2021-02-20 13:01 UTC (permalink / raw)
To: steffen.klassert, herbert, davem, kuba; +Cc: netdev, sd, Eyal Birger
Frag needed should only be sent if the header enables DF.
This fix allows packets larger than MTU to pass the xfrm interface
and be fragmented after encapsulation, aligning behavior with
non-interface xfrm.
Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces")
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
-----
v2: better align coding with ip_vti
---
net/xfrm/xfrm_interface.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c
index 697cdcfbb5e1..3f42c2f15ba4 100644
--- a/net/xfrm/xfrm_interface.c
+++ b/net/xfrm/xfrm_interface.c
@@ -305,6 +305,8 @@ xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
} else {
+ if (!(ip_hdr(skb)->frag_off & htons(IP_DF)))
+ goto xmit;
icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
htonl(mtu));
}
@@ -313,6 +315,7 @@ xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
return -EMSGSIZE;
}
+xmit:
xfrmi_scrub_packet(skb, !net_eq(xi->net, dev_net(dev)));
skb_dst_set(skb, dst);
skb->dev = tdev;
--
2.25.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH ipsec,v2] xfrm: interface: fix ipv4 pmtu check to honor ip header df
2021-02-20 13:01 ` [PATCH ipsec,v2] " Eyal Birger
@ 2021-02-23 15:12 ` Sabrina Dubroca
2021-02-23 15:24 ` Bram Yvahk
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Sabrina Dubroca @ 2021-02-23 15:12 UTC (permalink / raw)
To: Eyal Birger; +Cc: steffen.klassert, herbert, davem, kuba, netdev
2021-02-20, 15:01:15 +0200, Eyal Birger wrote:
> Frag needed should only be sent if the header enables DF.
>
> This fix allows packets larger than MTU to pass the xfrm interface
> and be fragmented after encapsulation, aligning behavior with
> non-interface xfrm.
>
> Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces")
> Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
>
> -----
>
> v2: better align coding with ip_vti
LGTM. We also need to do the same thing in ip_vti and ip6_vti. Do you
want to take care of it, or should I?
Either way, for this patch:
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
--
Sabrina
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH ipsec,v2] xfrm: interface: fix ipv4 pmtu check to honor ip header df
2021-02-23 15:12 ` Sabrina Dubroca
@ 2021-02-23 15:24 ` Bram Yvahk
2021-02-23 15:37 ` Eyal Birger
2021-02-23 17:26 ` Steffen Klassert
2 siblings, 0 replies; 6+ messages in thread
From: Bram Yvahk @ 2021-02-23 15:24 UTC (permalink / raw)
To: Sabrina Dubroca
Cc: Eyal Birger, steffen.klassert, herbert, davem, kuba, netdev
On 23/02/2021 16:12, Sabrina Dubroca wrote:
> LGTM. We also need to do the same thing in ip_vti and ip6_vti. Do you
> want to take care of it, or should I?
>
See the thread
https://lore.kernel.org/netdev/1552865877-13401-1-git-send-email-bram-yvahk@mail.wizbit.be/
(I'm assuming the patches no longer applies cleanly but given that I was
ignored last time I will not be resubmitting them.)
--
Bram
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH ipsec,v2] xfrm: interface: fix ipv4 pmtu check to honor ip header df
2021-02-23 15:12 ` Sabrina Dubroca
2021-02-23 15:24 ` Bram Yvahk
@ 2021-02-23 15:37 ` Eyal Birger
2021-02-23 17:26 ` Steffen Klassert
2 siblings, 0 replies; 6+ messages in thread
From: Eyal Birger @ 2021-02-23 15:37 UTC (permalink / raw)
To: Sabrina Dubroca
Cc: Steffen Klassert, herbert, David Miller, Jakub Kicinski,
Linux Kernel Network Developers
Hi,
On Tue, Feb 23, 2021 at 5:18 PM Sabrina Dubroca <sd@queasysnail.net> wrote:
>
> 2021-02-20, 15:01:15 +0200, Eyal Birger wrote:
> > Frag needed should only be sent if the header enables DF.
> >
> > This fix allows packets larger than MTU to pass the xfrm interface
> > and be fragmented after encapsulation, aligning behavior with
> > non-interface xfrm.
> >
> > Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces")
> > Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
> >
> > -----
> >
> > v2: better align coding with ip_vti
>
> LGTM. We also need to do the same thing in ip_vti and ip6_vti. Do you
> want to take care of it, or should I?
I can submit the same fix for vti{,6}.
>
> Either way, for this patch:
> Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Thanks!
Eyal.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH ipsec,v2] xfrm: interface: fix ipv4 pmtu check to honor ip header df
2021-02-23 15:12 ` Sabrina Dubroca
2021-02-23 15:24 ` Bram Yvahk
2021-02-23 15:37 ` Eyal Birger
@ 2021-02-23 17:26 ` Steffen Klassert
2 siblings, 0 replies; 6+ messages in thread
From: Steffen Klassert @ 2021-02-23 17:26 UTC (permalink / raw)
To: Sabrina Dubroca; +Cc: Eyal Birger, herbert, davem, kuba, netdev
On Tue, Feb 23, 2021 at 04:12:34PM +0100, Sabrina Dubroca wrote:
> 2021-02-20, 15:01:15 +0200, Eyal Birger wrote:
> > Frag needed should only be sent if the header enables DF.
> >
> > This fix allows packets larger than MTU to pass the xfrm interface
> > and be fragmented after encapsulation, aligning behavior with
> > non-interface xfrm.
> >
> > Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces")
> > Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
> >
> > -----
> >
> > v2: better align coding with ip_vti
>
> LGTM. We also need to do the same thing in ip_vti and ip6_vti. Do you
> want to take care of it, or should I?
>
> Either way, for this patch:
> Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Applied, thanks everyone!
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-02-23 17:27 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-19 17:21 [PATCH ipsec] xfrm: interface: fix ipv4 pmtu check to honor ip header df Eyal Birger
2021-02-20 13:01 ` [PATCH ipsec,v2] " Eyal Birger
2021-02-23 15:12 ` Sabrina Dubroca
2021-02-23 15:24 ` Bram Yvahk
2021-02-23 15:37 ` Eyal Birger
2021-02-23 17:26 ` Steffen Klassert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).