From: Tobias Brunner <tobias@strongswan.org>
To: Florian Westphal <fw@strlen.de>
Cc: netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Marcelo Ricardo Leitner <mleitner@redhat.com>
Subject: Problems with fragments since gso skb forwarding changes in virtual environment
Date: Mon, 07 Apr 2014 18:04:42 +0200
Message-ID: <5342CC9A.6040800@strongswan.org>

Hi Florian et al,

We noticed a problem with fragmented packets in the KVM/libvirt-based
strongSwan integration test environment [1] with guest kernels that
include the following commit:

	net: ip, ipv6: handle gso skbs in forwarding path
	fe6cc55f3a9a053482a76f5a6b2257cee51b4663

The network topology in test scenarios that trigger the problem is as
follows:

	Host A - br1 - Router R - br2 - Host B

Where the two hosts and the router are virtual guests connected via
bridges all created via libvirt (see [2] for the XML config files).  The
guests' network interfaces all use virtio.

If the router runs with a kernel that includes the commit above, packets
sent from A to B that exceed the MTU (1500 in this case) will be split
into fragments when leaving R.  These fragment skbs get defragmented by
the host kernel's nf_defrag_ipv4 module while being forwarded on br2.

This poses a problem.  Because the fragment skbs are not GSO, neither is
the defragmented skb.  Hence the packets are dropped just before leaving
the bridge, as is_skb_forwardable() will return false unless a too large
skb is actually GSO (this is the same for older host kernels, where the
check is directly done in br_forward.c).

Without the commit, and between A and R even with it (because it only
affects forwarding), the skbs are GSO throughout and transmitted from A
to B without ever actually being fragmented.

Any ideas how to fix this properly?  That is, without just reverting
parts of your commit for our guest kernels.

Regards,
Tobias

[1] http://wiki.strongswan.org/projects/strongswan/wiki/TestingEnvironment
[2] http://git.strongswan.org/?p=strongswan.git;a=tree;f=testing/config/kvm
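
The drop described in the mail above, as a user-space model. This is an added example, not code from the mail or from the kernel: every model_* name is hypothetical, and the VLAN allowance in the length limit and the gso_size value are assumptions of the model.

```c
/* User-space model of the path A -> R -> br2 -> B; simplified stand-ins, not kernel code. */
#include <stdbool.h>
#include <stddef.h>

#define ETH_HLEN  14u   /* Ethernet header */
#define VLAN_HLEN  4u   /* allowance for one VLAN tag (model assumption) */
#define IP_HLEN   20u   /* IPv4 header without options */
#define MTU     1500u   /* MTU from the mail */
struct model_skb { unsigned int len, gso_size; };  /* len includes ETH_HLEN */

/* Bridge length check as the mail describes it: a too large skb passes only if GSO. */
static bool model_forwardable(const struct model_skb *skb)
{
    return skb->len <= MTU + ETH_HLEN + VLAN_HLEN || skb->gso_size != 0;
}

/* Router R with the commit: an oversized skb leaves as IPv4 fragments, none of them GSO.
 * Returns the fragment count, or 0 if out[] is too small. */
static size_t model_fragment(const struct model_skb *in, struct model_skb *out, size_t max)
{
    unsigned int left = in->len - ETH_HLEN - IP_HLEN;
    unsigned int per_frag = (MTU - IP_HLEN) & ~7u;  /* fragment offsets count 8-byte units */
    size_t n = 0;

    for (; left > 0; n++) {
        unsigned int chunk = left > per_frag ? per_frag : left;
        if (n == max)
            return 0;
        out[n] = (struct model_skb){ ETH_HLEN + IP_HLEN + chunk, 0 };
        left -= chunk;
    }
    return n;
}

/* Reassembly on the host while forwarding on br2: one skb again, but not GSO,
 * because none of the fragments was. */
static struct model_skb model_defrag(const struct model_skb *frags, size_t n)
{
    struct model_skb whole = { ETH_HLEN + IP_HLEN, 0 };
    for (size_t i = 0; i < n; i++)
        whole.len += frags[i].len - ETH_HLEN - IP_HLEN;
    return whole;
}

/* True if a packet carrying ip_payload bytes (valid IPv4 sizes) from A gets across br2 to B. */
bool model_path(unsigned int ip_payload, bool router_has_commit)
{
    struct model_skb frags[64], skb = { ETH_HLEN + IP_HLEN + ip_payload, 1480 }; /* constructed gso_size: A sends GSO */
    if (router_has_commit && skb.len > MTU + ETH_HLEN)
        skb = model_defrag(frags, model_fragment(&skb, frags, 64));
    return model_forwardable(&skb);
}
```
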
