Re: [PATCH nf] netfilter: bridge: honor frag_max_size when refragmenting

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Florian Westphal <fw@strlen.de>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nf] netfilter: bridge: honor frag_max_size when refragmenting
Date: Thu, 9 Mar 2017 23:15:28 +0100	[thread overview]
Message-ID: <20170309221528.GA17890@breakpoint.cc> (raw)
In-Reply-To: <20170309220340.12713-1-fw@strlen.de>

Florian Westphal <fw@strlen.de> wrote:
> consider a bridge with mtu 9000, but end host sending smaller
> packets to another host with mtu < 9000.
> 
> In this case, after reassembly, bridge+defrag would refragment,
> and then attempt to send the reassembled packet as long as it
> was below 9k.
> 
> Instead we have to cap by the largest fragment size seen.
> 
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
>  No Fixes tag, seems this problem has always existed.
>  tested in kvm with both ipv4 and ipv6 and following setup:
> 
>  client (mtu 1500)  --- bridge(mtu 9k) --- client (mtu 1500)
> 
>  bridge (incl. all ports) have 9k mtu.
> 
>  without this patch, ping/ping6 only works for sizes <= 1500
>  and > 9000.

grrr.  it breaks the normal path...

> diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
> index 95087e6e8258..81889afee212 100644
> --- a/net/bridge/br_netfilter_hooks.c
> +++ b/net/bridge/br_netfilter_hooks.c
> @@ -721,18 +721,19 @@ static unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb)
>  
>  static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff *skb)
>  {
> -	struct nf_bridge_info *nf_bridge;
> -	unsigned int mtu_reserved;
> +	struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);
> +	unsigned int mtu, mtu_reserved;
>  
>  	mtu_reserved = nf_bridge_mtu_reduction(skb);
> +	mtu = nf_bridge->frag_max_size;

This can be 0, I'll send a v2.

     prev parent reply	other threads:[~2017-03-09 22:15 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-03-09 22:03 [PATCH nf] netfilter: bridge: honor frag_max_size when refragmenting Florian Westphal
2017-03-09 22:15 ` Florian Westphal [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170309221528.GA17890@breakpoint.cc \
    --to=fw@strlen.de \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.