From: Patrick McHardy <kaber@trash.net>
To: Ingo Oeser <ioe-lkml@rameria.de>
Cc: bridge@lists.linux-foundation.org, linux-kernel@vger.kernel.org,
Bart De Schuymer <bdschuym@pandora.be>
Subject: Re: [Bridge] [BUG] Dropping fragmented IP packets within VLAN frames on bridge
Date: Sat, 26 May 2007 17:05:42 +0200 [thread overview]
Message-ID: <46584CC6.3020705@trash.net> (raw)
In-Reply-To: <200705261621.00385.ioe-lkml@rameria.de>
Ingo Oeser wrote:
> On Saturday 26 May 2007, Patrick McHardy wrote:
>
>>net/8021q ignores the VLAN header overhead, so we should probably do the
>>same here for consistency. Using IS_VLAN_IP (and IS_PPPOE_IP for current
>>-rc) looks fine, additionally we should probably also check for
>>skb->nfct != NULL to make sure that at least without connection tracking
>>the bridge doesn't perform fragmentation.
>
>
> And could we separe the conditions for that into a static helper function
> explaining each of these conditions? e.g. sth. like that:
The MTU checks are self-explanatory. Just a comment above the function
stating that it tries to find out whether a packet needs to be
refragmented because it was defragmented by IPv4 connection tracking
and exceeds the MTU should be enough.
> static bool br_nf_need_fragment(struct sk_buff *skb)
> {
> /* Plain IP packet does not fit in MTU */
> if (!(skb->protocol == htons(ETH_P_IP) && skb->len > skb->dev->mtu))
> return true;
>
> /* VLAN encapsulated IP packet does not fit in MTU */
> if (IS_VLAN_IP(skb) && skb->len > skb->dev->mtu - VLAN_HLEN)
> return true;
>
> /* PPPoE encapsulated IP packet does not fit in MTU */
> if (IS_PPPOE_IP(skb) && skb->len > skb->dev->mtu - PPPOE_SES_HLEN)
> return true;
>
> return false;
> }
As I said, I don't think we should account for the VLAN header overhead,
the VLAN code itself doesn't even do it. And we should exclude packets
that don't have a connection tracking reference attached since we are
only undoing the damage connection tracking did by defragmenting it
and should avoid fragmenting other packets as good as possible.
> and then br_nf_dev_queue_xmit() becomes:
>
> static int br_nf_dev_queue_xmit(struct sk_buff *skb)
> {
> if (br_nf_need_fragment(skb) && !skb_is_gso(skb))
> return ip_fragment(skb, br_dev_queue_push_xmit);
> else
> return br_dev_queue_push_xmit(skb);
> }
>
> which is much more readable, more documented and doesn't contain a condition monster :-)
>
> @Patrick: Could you check, wether the PPPoE case is correct?
It looks OK. But there is another problem, ip_fragment doesn't care
about the PPPoE overhead and produces a packet that will be too large
after restoring the PPPoE header. A second __fake_rtable that accounts
for the PPPoE overhead could probably fix that ..
> What do you think? Should I submit a patch for that?
Sure :)
WARNING: multiple messages have this Message-ID (diff)
From: Patrick McHardy <kaber@trash.net>
To: Ingo Oeser <ioe-lkml@rameria.de>
Cc: Adam Osuchowski <adwol@zonk.pl>,
Stephen Hemminger <shemminger@linux-foundation.org>,
bridge@lists.linux-foundation.org, linux-kernel@vger.kernel.org,
Bart De Schuymer <bdschuym@pandora.be>
Subject: Re: [Bridge] [BUG] Dropping fragmented IP packets within VLAN frames on bridge
Date: Sat, 26 May 2007 17:05:42 +0200 [thread overview]
Message-ID: <46584CC6.3020705@trash.net> (raw)
In-Reply-To: <200705261621.00385.ioe-lkml@rameria.de>
Ingo Oeser wrote:
> On Saturday 26 May 2007, Patrick McHardy wrote:
>
>>net/8021q ignores the VLAN header overhead, so we should probably do the
>>same here for consistency. Using IS_VLAN_IP (and IS_PPPOE_IP for current
>>-rc) looks fine, additionally we should probably also check for
>>skb->nfct != NULL to make sure that at least without connection tracking
>>the bridge doesn't perform fragmentation.
>
>
> And could we separe the conditions for that into a static helper function
> explaining each of these conditions? e.g. sth. like that:
The MTU checks are self-explanatory. Just a comment above the function
stating that it tries to find out whether a packet needs to be
refragmented because it was defragmented by IPv4 connection tracking
and exceeds the MTU should be enough.
> static bool br_nf_need_fragment(struct sk_buff *skb)
> {
> /* Plain IP packet does not fit in MTU */
> if (!(skb->protocol == htons(ETH_P_IP) && skb->len > skb->dev->mtu))
> return true;
>
> /* VLAN encapsulated IP packet does not fit in MTU */
> if (IS_VLAN_IP(skb) && skb->len > skb->dev->mtu - VLAN_HLEN)
> return true;
>
> /* PPPoE encapsulated IP packet does not fit in MTU */
> if (IS_PPPOE_IP(skb) && skb->len > skb->dev->mtu - PPPOE_SES_HLEN)
> return true;
>
> return false;
> }
As I said, I don't think we should account for the VLAN header overhead,
the VLAN code itself doesn't even do it. And we should exclude packets
that don't have a connection tracking reference attached since we are
only undoing the damage connection tracking did by defragmenting it
and should avoid fragmenting other packets as good as possible.
> and then br_nf_dev_queue_xmit() becomes:
>
> static int br_nf_dev_queue_xmit(struct sk_buff *skb)
> {
> if (br_nf_need_fragment(skb) && !skb_is_gso(skb))
> return ip_fragment(skb, br_dev_queue_push_xmit);
> else
> return br_dev_queue_push_xmit(skb);
> }
>
> which is much more readable, more documented and doesn't contain a condition monster :-)
>
> @Patrick: Could you check, wether the PPPoE case is correct?
It looks OK. But there is another problem, ip_fragment doesn't care
about the PPPoE overhead and produces a packet that will be too large
after restoring the PPPoE header. A second __fake_rtable that accounts
for the PPPoE overhead could probably fix that ..
> What do you think? Should I submit a patch for that?
Sure :)
next prev parent reply other threads:[~2007-05-26 15:05 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-05-25 8:17 [Bridge] [BUG] Dropping fragmented IP packets within VLAN frames on bridge Adam Osuchowski
2007-05-25 8:17 ` Adam Osuchowski
2007-05-25 15:59 ` [Bridge] " Stephen Hemminger
2007-05-25 17:49 ` Adam Osuchowski
2007-05-25 18:00 ` Stephen Hemminger
2007-05-25 18:17 ` Adam Osuchowski
2007-05-25 18:28 ` Stephen Hemminger
2007-05-25 18:49 ` Adam Osuchowski
2007-05-26 8:13 ` Patrick McHardy
2007-05-26 8:13 ` Patrick McHardy
2007-05-26 14:20 ` Ingo Oeser
2007-05-26 14:20 ` Ingo Oeser
2007-05-26 15:05 ` Patrick McHardy [this message]
2007-05-26 15:05 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46584CC6.3020705@trash.net \
--to=kaber@trash.net \
--cc=bdschuym@pandora.be \
--cc=bridge@lists.linux-foundation.org \
--cc=ioe-lkml@rameria.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.