netdev.vger.kernel.org archive mirror
From: Jiri Bohac <jbohac@suse.cz>
To: Sabrina Dubroca <sd@queasysnail.net>,
	Steffen Klassert <steffen.klassert@secunet.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>
Cc: Mike Maloney <maloneykernel@gmail.com>,
	Eric Dumazet <eric.dumazet@gmail.com>,
	netdev@vger.kernel.org
Subject: xfrm regression: TCP MSS calculation broken by commit b515d263, results in TCP stall
Date: Fri, 14 Jan 2022 18:31:33 +0100
Message-ID: <20220114173133.tzmdm2hy4flhblo3@dwarf.suse.cz>

Hello,

our customer found that commit
b515d2637276a3810d6595e10ab02c13bfd0b63a ("xfrm: xfrm_state_mtu
should return at least 1280 for ipv6") in v5.14 breaks the TCP
MSS calculation in ipsec transport mode, resulting in complete
stalls of TCP connections. This happens when the (P)MTU is 1280
or slightly larger.

The desired formula for the MSS is:
	MSS = (MTU - ESP_overhead) - IP header - TCP header

However, the above patch clamps the (MTU - ESP_overhead) to a
minimum of 1280, turning the formula into
	MSS = max(MTU - ESP overhead, 1280) - IP header - TCP header

With the (P)MTU near 1280, the calculated MSS is too large and
the resulting TCP packets never make it to the destination
because they are over the actual PMTU.

Trying to fix the exact same problem as the broken patch, which I
was unaware of, I sent an alternative patch in this thread of
April 2021:
https://lore.kernel.org/netdev/20210429170254.5grfgsz2hgy2qjhk@dwarf.suse.cz/
(note the v1 is broken and followed by v2!)

In that thread I also found other problems with
b515d2637276a3810d6595e10ab02c13bfd0b63a - in tunnel mode it
causes suboptimal double fragmentation:
https://lore.kernel.org/netdev/20210429202529.codhwpc7w6kbudug@dwarf.suse.cz/

I therefore propose to revert
b515d2637276a3810d6595e10ab02c13bfd0b63a and
apply the v2 version of my patch, which I'll re-send in reply to
this e-mail.

Thanks,

-- 
Jiri Bohac <jbohac@suse.cz>
SUSE Labs, Prague, Czechia
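
Added example, not part of the original message or the kernel source: a simplified C model of the two MSS formulas quoted in the message, for IPv6 transport mode, showing when a full-sized segment exceeds the PMTU. The ESP parameters (8-byte header, 16-byte IV and block size, 12-byte ICV) and all function names are assumptions chosen for illustration.

```c
#include <stdio.h>

/* Constructed parameters (assumptions): IPv6 transport mode, ESP with a
 * 16-byte IV, 16-byte cipher block and 12-byte ICV. */
enum { IP6_HDR = 40, TCP_HDR = 20, ESP_HDR = 8, IV_LEN = 16, BLOCK = 16,
       ICV_LEN = 12, ESP_TRAILER = 2, IPV6_MIN_MTU = 1280 };

/* Largest plaintext packet (IPv6 header included) that still fits in
 * link_mtu after ESP transport-mode encapsulation. */
static int esp_payload_mtu(int link_mtu)
{
    int room = link_mtu - IP6_HDR - ESP_HDR - IV_LEN - ICV_LEN;
    return (room & ~(BLOCK - 1)) - ESP_TRAILER + IP6_HDR;
}

/* MSS = (MTU - ESP_overhead) - IP header - TCP header */
static int mss_desired(int link_mtu)
{
    return esp_payload_mtu(link_mtu) - IP6_HDR - TCP_HDR;
}

/* MSS = max(MTU - ESP overhead, 1280) - IP header - TCP header */
static int mss_clamped(int link_mtu)
{
    int m = esp_payload_mtu(link_mtu);
    if (m < IPV6_MIN_MTU)
        m = IPV6_MIN_MTU;
    return m - IP6_HDR - TCP_HDR;
}

/* On-wire size of a full segment carrying mss bytes of TCP payload. */
static int wire_len(int mss)
{
    int enc = TCP_HDR + mss + ESP_TRAILER;   /* encrypted part */
    enc = (enc + BLOCK - 1) & ~(BLOCK - 1);  /* pad up to the block size */
    return IP6_HDR + ESP_HDR + IV_LEN + enc + ICV_LEN;
}

int main(void)
{
    for (int mtu = 1280; mtu <= 1340; mtu += 20)
        printf("PMTU %d: desired MSS %d -> %d on wire, clamped MSS %d -> %d on wire\n",
               mtu, mss_desired(mtu), wire_len(mss_desired(mtu)),
               mss_clamped(mtu), wire_len(mss_clamped(mtu)));
    return 0;
}
```

With these assumed parameters the clamped formula yields oversized segments for every PMTU from 1280 through 1323, which matches the "1280 or slightly larger" range described in the message.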

