* IPv4 Fragmentation in a IPIP6 tunnel
@ 2013-10-30 15:02 Pietro Paolini
2013-10-31 9:39 ` Fan Du
0 siblings, 1 reply; 3+ messages in thread
From: Pietro Paolini @ 2013-10-30 15:02 UTC (permalink / raw)
To: kernelnewbies
Hello everyone,
I am working for an embedded Linux firmware running on a CPE and I am
using an IP4 over IPv6 tunnel configured as following:
ip -f inet6 tunnel add tun1 mode ipip6 remote XX:XX:XX local XX:XX:XX
dev eth0
And it works fine until I don't try to test the fragment case: I send a
too big UDP packet and my expectation - and requirement (sob) - would
be a IPv6 packet fragmentation but what I get is a double
fragmentation (IPv4 and IPv6), then, summarizing:
IPv4 --> [IPv4-1-segment][IPv6] [IPv4-2-segment][IPv6]
Looking at the kernel code - which in I am not an expert - I observed
that the function ip_finish_output :
#if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
/* Policy lookup after SNAT yielded a new policy */
if (skb_dst(skb)->xfrm != NULL) {
IPCB(skb)->flags |= IPSKB_REROUTED;
return dst_output(skb);
}
#endif
#if defined(CONFIG_INET_IPSEC_OFFLOAD)
if ((skb->ipsec_offload == 0) &&
skb->len > ip_skb_dst_mtu(skb) && !skb_is_gso(skb))
#else
if (skb->len > ip_skb_dst_mtu(skb) && !skb_is_gso(skb))
#endif
return ip_fragment(skb, ip_finish_output2);
else
return ip_finish_output2(skb);
Does not care about it, it just fragments if the MTU does not match.
Is there any options to disable the fragmentation on IPV4 ? I am
misconfiguring something ? Why does the ipip6 has this wrong behavior ?
Thanks in advance,
Pietro.
Pietro Paolini
pulsarpietro at aol.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* IPv4 Fragmentation in a IPIP6 tunnel
2013-10-30 15:02 IPv4 Fragmentation in a IPIP6 tunnel Pietro Paolini
@ 2013-10-31 9:39 ` Fan Du
2013-11-04 11:17 ` Pietro Paolini
0 siblings, 1 reply; 3+ messages in thread
From: Fan Du @ 2013-10-31 9:39 UTC (permalink / raw)
To: kernelnewbies
Hi Pietro
On 2013?10?30? 23:02, Pietro Paolini wrote:
> Hello everyone,
> I am working for an embedded Linux firmware running on a CPE and I am
> using an IP4 over IPv6 tunnel configured as following:
>
> ip -f inet6 tunnel add tun1 mode ipip6 remote XX:XX:XX local XX:XX:XX
> dev eth0
>
> And it works fine until I don't try to test the fragment case: I send a
> too big UDP packet and my expectation - and requirement (sob) - would
> be a IPv6 packet fragmentation but what I get is a double
> fragmentation (IPv4 and IPv6), then, summarizing:
>
> IPv4 --> [IPv4-1-segment][IPv6] [IPv4-2-segment][IPv6]
I didn't manage to test this, but a first glance make me think your expectation has one requirement:
UDP packet + IPv4 header doesn't not exceed mtu of IPv4 src->dst, *AND* UDP packet + IPv4 header exceed the IPv6 tunnel mtu.
UDP packet first has to fit into IPv4 layer size(phase 1), and then tunneled in IPv6 style(phase 2). So two kinds of mtu involved here.
> Looking at the kernel code - which in I am not an expert - I observed
> that the function ip_finish_output :
>
> #if defined(CONFIG_NETFILTER)&& defined(CONFIG_XFRM)
> /* Policy lookup after SNAT yielded a new policy */
> if (skb_dst(skb)->xfrm != NULL) {
> IPCB(skb)->flags |= IPSKB_REROUTED;
> return dst_output(skb);
> }
> #endif
> #if defined(CONFIG_INET_IPSEC_OFFLOAD)
> if ((skb->ipsec_offload == 0)&&
> skb->len> ip_skb_dst_mtu(skb)&& !skb_is_gso(skb))
> #else
> if (skb->len> ip_skb_dst_mtu(skb)&& !skb_is_gso(skb))
> #endif
> return ip_fragment(skb, ip_finish_output2);
> else
> return ip_finish_output2(skb);
>
> Does not care about it, it just fragments if the MTU does not match.
>
> Is there any options to disable the fragmentation on IPV4 ? I am
> misconfiguring something ? Why does the ipip6 has this wrong behavior ?
>
> Thanks in advance,
> Pietro.
>
> Pietro Paolini
> pulsarpietro at aol.com
>
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
--
?????????
--fan
^ permalink raw reply [flat|nested] 3+ messages in thread
* IPv4 Fragmentation in a IPIP6 tunnel
2013-10-31 9:39 ` Fan Du
@ 2013-11-04 11:17 ` Pietro Paolini
0 siblings, 0 replies; 3+ messages in thread
From: Pietro Paolini @ 2013-11-04 11:17 UTC (permalink / raw)
To: kernelnewbies
Hello,
I investigated better the problem, the MTU (WAN and LAN side) is 1500 bytes, I am running a test which send a packet of 1496 bytes LAN side and is not fragmented.
The problem appears because the size of the IPv6 header plus the payload (1496 bytes) is greater then the MTU (1500), at that point the IPv4 packet is fragmented while my expectation is that just the IPv6 should be. I placed a printk in the ip_fragment function and I can see that the packet is fragmented over there, my expectation is that piece of code should not been ever executed since i am sending over IPv6, I would remark that I don't have a fully understanding of the linux kernel networking stack implementation.
Where should the IPv6 fragmentation be done ?
Pietro Paolini
pulsarpietro at aol.com
-----Original Message-----
From: Fan Du <fan.du@windriver.com>
To: Pietro Paolini <pulsarpietro@aol.com>
Cc: kernelnewbies <kernelnewbies@kernelnewbies.org>; p.paolini <p.paolini@genexis.eu>
Sent: Thu, Oct 31, 2013 10:39 am
Subject: Re: IPv4 Fragmentation in a IPIP6 tunnel
Hi Pietro
On 2013?10?30? 23:02, Pietro Paolini wrote:
> Hello everyone,
> I am working for an embedded Linux firmware running on a CPE and I am
> using an IP4 over IPv6 tunnel configured as following:
>
> ip -f inet6 tunnel add tun1 mode ipip6 remote XX:XX:XX local XX:XX:XX
> dev eth0
>
> And it works fine until I don't try to test the fragment case: I send a
> too big UDP packet and my expectation - and requirement (sob) - would
> be a IPv6 packet fragmentation but what I get is a double
> fragmentation (IPv4 and IPv6), then, summarizing:
>
> IPv4 --> [IPv4-1-segment][IPv6] [IPv4-2-segment][IPv6]
I didn't manage to test this, but a first glance make me think your expectation
has one requirement:
UDP packet + IPv4 header doesn't not exceed mtu of IPv4 src->dst, *AND* UDP
packet + IPv4 header exceed the IPv6 tunnel mtu.
UDP packet first has to fit into IPv4 layer size(phase 1), and then tunneled in
IPv6 style(phase 2). So two kinds of mtu involved here.
> Looking at the kernel code - which in I am not an expert - I observed
> that the function ip_finish_output :
>
> #if defined(CONFIG_NETFILTER)&& defined(CONFIG_XFRM)
> /* Policy lookup after SNAT yielded a new policy */
> if (skb_dst(skb)->xfrm != NULL) {
> IPCB(skb)->flags |= IPSKB_REROUTED;
> return dst_output(skb);
> }
> #endif
> #if defined(CONFIG_INET_IPSEC_OFFLOAD)
> if ((skb->ipsec_offload == 0)&&
> skb->len> ip_skb_dst_mtu(skb)&& !skb_is_gso(skb))
> #else
> if (skb->len> ip_skb_dst_mtu(skb)&& !skb_is_gso(skb))
> #endif
> return ip_fragment(skb, ip_finish_output2);
> else
> return ip_finish_output2(skb);
>
> Does not care about it, it just fragments if the MTU does not match.
>
> Is there any options to disable the fragmentation on IPV4 ? I am
> misconfiguring something ? Why does the ipip6 has this wrong behavior ?
>
> Thanks in advance,
> Pietro.
>
> Pietro Paolini
> pulsarpietro at aol.com
>
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
--
?????????
--fan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20131104/6be13651/attachment.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-11-04 11:17 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-10-30 15:02 IPv4 Fragmentation in a IPIP6 tunnel Pietro Paolini
2013-10-31 9:39 ` Fan Du
2013-11-04 11:17 ` Pietro Paolini
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).