[PATCH 4.14 05/28] net: fix pmtu check in nopmtudisc mode

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Stefano Brivio <sbrivio@redhat.com>,
	Florian Westphal <fw@strlen.de>,
	Pablo Neira Ayuso <pablo@netfilter.org>,
	Jakub Kicinski <kuba@kernel.org>
Subject: [PATCH 4.14 05/28] net: fix pmtu check in nopmtudisc mode
Date: Fri, 15 Jan 2021 13:27:42 +0100	[thread overview]
Message-ID: <20210115121957.006577531@linuxfoundation.org> (raw)
In-Reply-To: <20210115121956.731354372@linuxfoundation.org>

From: Florian Westphal <fw@strlen.de>

[ Upstream commit 50c661670f6a3908c273503dfa206dfc7aa54c07 ]

For some reason ip_tunnel insist on setting the DF bit anyway when the
inner header has the DF bit set, EVEN if the tunnel was configured with
'nopmtudisc'.

This means that the script added in the previous commit
cannot be made to work by adding the 'nopmtudisc' flag to the
ip tunnel configuration. Doing so breaks connectivity even for the
without-conntrack/netfilter scenario.

When nopmtudisc is set, the tunnel will skip the mtu check, so no
icmp error is sent to client. Then, because inner header has DF set,
the outer header gets added with DF bit set as well.

IP stack then sends an error to itself because the packet exceeds
the device MTU.

Fixes: 23a3647bc4f93 ("ip_tunnels: Use skb-len to PMTU check.")
Cc: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv4/ip_tunnel.c |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -752,7 +752,11 @@ void ip_tunnel_xmit(struct sk_buff *skb,
 		goto tx_error;
 	}
 
-	if (tnl_update_pmtu(dev, skb, rt, tnl_params->frag_off, inner_iph)) {
+	df = tnl_params->frag_off;
+	if (skb->protocol == htons(ETH_P_IP) && !tunnel->ignore_df)
+		df |= (inner_iph->frag_off & htons(IP_DF));
+
+	if (tnl_update_pmtu(dev, skb, rt, df, inner_iph)) {
 		ip_rt_put(rt);
 		goto tx_error;
 	}
@@ -780,10 +784,6 @@ void ip_tunnel_xmit(struct sk_buff *skb,
 			ttl = ip4_dst_hoplimit(&rt->dst);
 	}
 
-	df = tnl_params->frag_off;
-	if (skb->protocol == htons(ETH_P_IP) && !tunnel->ignore_df)
-		df |= (inner_iph->frag_off&htons(IP_DF));
-
 	max_headroom = LL_RESERVED_SPACE(rt->dst.dev) + sizeof(struct iphdr)
 			+ rt->dst.header_len + ip_encap_hlen(&tunnel->encap);
 	if (max_headroom > dev->needed_headroom)

next prev parent reply	other threads:[~2021-01-15 13:04 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-15 12:27 [PATCH 4.14 00/28] 4.14.216-rc1 review Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 01/28] powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 02/28] net: cdc_ncm: correct overhead in delayed_ndp_size Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 03/28] net: vlan: avoid leaks on register_vlan_dev() failures Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 04/28] net: ip: always refragment ip defragmented packets Greg Kroah-Hartman
2021-01-15 12:27 ` Greg Kroah-Hartman [this message]
2021-01-15 12:27 ` [PATCH 4.14 06/28] x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 07/28] x86/resctrl: Dont move a task to the same resource group Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 08/28] vmlinux.lds.h: Add PGO and AutoFDO input sections Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 09/28] drm/i915: Fix mismatch between misplaced vma check and vma insert Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 10/28] ubifs: wbuf: Dont leak kernel memory to flash Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 11/28] spi: pxa2xx: Fix use-after-free on unbind Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 12/28] iio: imu: st_lsm6dsx: flip irq return logic Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 13/28] iio: imu: st_lsm6dsx: fix edge-trigger interrupts Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 14/28] ARM: OMAP2+: omap_device: fix idling of devices during probe Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 15/28] i2c: sprd: use a specific timeout to avoid system hang up issue Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 16/28] cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get() Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 17/28] spi: stm32: FIFO threshold level - fix align packet size Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 18/28] dmaengine: xilinx_dma: check dma_async_device_register return value Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 19/28] dmaengine: xilinx_dma: fix mixed_enum_type coverity warning Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 20/28] wil6210: select CONFIG_CRC32 Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 21/28] block: rsxx: " Greg Kroah-Hartman
2021-01-15 12:27 ` [PATCH 4.14 22/28] iommu/intel: Fix memleak in intel_irq_remapping_alloc Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 4.14 23/28] net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 4.14 24/28] net/mlx5e: Fix two double free cases Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 4.14 25/28] wan: ds26522: select CONFIG_BITREVERSE Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 4.14 26/28] KVM: arm64: Dont access PMCR_EL0 when no PMU is available Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 4.14 27/28] block: fix use-after-free in disk_part_iter_next Greg Kroah-Hartman
2021-01-15 12:28 ` [PATCH 4.14 28/28] net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet Greg Kroah-Hartman
2021-01-15 21:17 ` [PATCH 4.14 00/28] 4.14.216-rc1 review Guenter Roeck
2021-01-16  6:38 ` Naresh Kamboju

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210115121957.006577531@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=fw@strlen.de \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    --cc=sbrivio@redhat.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox