netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* nftables flow offload possible mtu handling issue
@ 2019-05-17 16:27 marcmicalizzi
  2019-05-18 21:45 ` Florian Westphal
  2019-05-21  1:44 ` Florian Westphal
  0 siblings, 2 replies; 3+ messages in thread
From: marcmicalizzi @ 2019-05-17 16:27 UTC (permalink / raw)
  To: netfilter-devel

With flow offload between devices of differing mtus, there seems to be an
issue sending from through higher mtu to the lower mtu device.
I’m currently on 4.20 from the linux-arm mcbin branch, as it’s all I can get
running on my specific embedded platform.

In my case I have

table ip nat {
        chain POSTROUTING {
                type nat hook postrouting priority 100; policy accept;
                oifname "ppp0" ip saddr 192.168.10.0/24 snat to
xx.xxx.xx.xxx

        }
}
table ip filter {
        flowtable f1 {
                hook ingress priority 0
                devices = { eth0.1, ppp0 }
        }

        chain FORWARD {
                type filter hook forward priority 0; policy accept;
                ip protocol tcp flow offload @f1
                counter
                tcp flags syn tcp option maxseg size set rt mtu
        }
}

ppp0 has an mtu of 1500.
Running a speedtest from a device connected to eth0.1, download seems to
always be fine, but if eth0.1 has an mtu higher than 1492, upload fails
completely most of the time. (Prior to flow offloading, eth0/eth0.1 has an
mtu of 9000, and this is the mtu I would prefer to have it running at.

An interesting observation, as well, is that with eth0.1 mtu at 9000, if
during the upload portion of a speed test I issue `ip link set ppp0 mtu
(1492/1500, whichever it currently is not)`, the upload will start working
for the remainder of the upload test.

This also manifests outside speedtest, but less predictably, with dropped
connections due to outgoing packet failures.


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: nftables flow offload possible mtu handling issue
  2019-05-17 16:27 nftables flow offload possible mtu handling issue marcmicalizzi
@ 2019-05-18 21:45 ` Florian Westphal
  2019-05-21  1:44 ` Florian Westphal
  1 sibling, 0 replies; 3+ messages in thread
From: Florian Westphal @ 2019-05-18 21:45 UTC (permalink / raw)
  To: marcmicalizzi; +Cc: netfilter-devel

marcmicalizzi@gmail.com <marcmicalizzi@gmail.com> wrote:
> With flow offload between devices of differing mtus, there seems to be an
> issue sending from through higher mtu to the lower mtu device.
> I’m currently on 4.20 from the linux-arm mcbin branch, as it’s all I can get
> running on my specific embedded platform.

Current assumptions:
1. Flow offload can't deal with GRO skbs when MTU of oif is smaller,
   as it bypasses the code in ip output that deals with this

2. flow offload expr should never offload connections that have
   active helper and/or seqadj extension.


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: nftables flow offload possible mtu handling issue
  2019-05-17 16:27 nftables flow offload possible mtu handling issue marcmicalizzi
  2019-05-18 21:45 ` Florian Westphal
@ 2019-05-21  1:44 ` Florian Westphal
  1 sibling, 0 replies; 3+ messages in thread
From: Florian Westphal @ 2019-05-21  1:44 UTC (permalink / raw)
  To: marcmicalizzi; +Cc: netfilter-devel

marcmicalizzi@gmail.com <marcmicalizzi@gmail.com> wrote:
> With flow offload between devices of differing mtus, there seems to be an
> issue sending from through higher mtu to the lower mtu device.
> I’m currently on 4.20 from the linux-arm mcbin branch, as it’s all I can get
> running on my specific embedded platform.

I think i figured out why this is failing, I will send patches later
today.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2019-05-21  1:44 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-17 16:27 nftables flow offload possible mtu handling issue marcmicalizzi
2019-05-18 21:45 ` Florian Westphal
2019-05-21  1:44 ` Florian Westphal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).