Re: [PATCH]ip_options_fragment() has no effect on fragmentation

Re: [PATCH]ip_options_fragment() has no effect on fragmentation

[Eric Dumazet]

Wei Yongjun a écrit :
> [1]Summary of the problem:
> ip_options_fragment() has no effect on fragmentation
> 
> [2]Full description of the problem:
> When I send IPv4 packet(contain Record Route Option) which need to be 
> fragmented to the router, the router can not fragment it correctly.
> After fragmented by router, the second fragmentation still contain 
> Record Route Option. Refer to RFC791, Record Route Option must Not be 
> copied on fragmentation, goes in first fragment only.
> ip_options_fragment() is the implemental function, but there are some 
> BUGs in it:
> 

Hello Wei

This is the third time I receive this patch (and I am not able to comment it), 
and still you didnt send it to the right list.

Please use netdev@vger.kernel.org for any linux kernel networking stuff.

If you dont receive an acknowledge from this netdev list, please wait at least 
two weeks before resending it.

Thank you
Eric

Re: [PATCH]ip_options_fragment() has no effect on fragmentation

[Patrick McHardy]

Wei Yongjun wrote:
> [1]Summary of the problem:
> ip_options_fragment() has no effect on fragmentation
> 
> [2]Full description of the problem:
> When I send IPv4 packet(contain Record Route Option) which need to be
> fragmented to the router, the router can not fragment it correctly.
> After fragmented by router, the second fragmentation still contain
> Record Route Option. Refer to RFC791, Record Route Option must Not be
> copied on fragmentation, goes in first fragment only.
> ip_options_fragment() is the implemental function, but there are some
> BUGs in it:
> 
> ip_option.c: line 207:
> void ip_options_fragment(struct sk_buff * skb)
> {
> unsigned char * optptr = skb->nh.raw;
> struct ip_options * opt = &(IPCB(skb)->opt);
> ...
> 
> optptr get a error pointer to the ipv4 options, correct is as following:
> 
> unsigned char * optptr = skb->nh.raw + sizeof(struct iphdr);
> 
> By the way, ip_options_fragment() just fill options not allowed in
> fragments with NOOPs, does not delete the space of the options,
> following patch has corrected the problem.

Please split the optptr fix and your enhancements in two patches and
send them to netdev@vger.kernel.org.

BTW, your mailer corrupts whitespace.

[PATCH]ip_options_fragment() has no effect on fragmentation

[Wei Yongjun]

[-- Attachment #1: Type: text/plain, Size: 4301 bytes --]

[1]Summary of the problem:
ip_options_fragment() has no effect on fragmentation

[2]Full description of the problem:
When I send IPv4 packet(contain Record Route Option) which need to be 
fragmented to the router, the router can not fragment it correctly.
After fragmented by router, the second fragmentation still contain Record 
Route Option. Refer to RFC791, Record Route Option must Not be copied on 
fragmentation, goes in first fragment only.
ip_options_fragment() is the implemental function, but there are some BUGs 
in it:

ip_option.c: line 207:
void ip_options_fragment(struct sk_buff * skb)
{
 unsigned char * optptr = skb->nh.raw;
 struct ip_options * opt = &(IPCB(skb)->opt);
...

optptr get a error pointer to the ipv4 options, correct is as following:

unsigned char * optptr = skb->nh.raw + sizeof(struct iphdr);

By the way, ip_options_fragment() just fill options not allowed in fragments 
with NOOPs, does not delete the space of the options, following patch has 
corrected the problem.

--- linux-2.6.15.1/net/ipv4/ip_options.c.orig 2006-01-23 08:55:15.045904912 
+0900
+++ linux-2.6.15.1/net/ipv4/ip_options.c 2006-01-23 09:04:28.885708464 +0900
@@ -207,33 +207,63 @@

 void ip_options_fragment(struct sk_buff * skb)
 {
- unsigned char * optptr = skb->nh.raw;
+ unsigned char * optptr = skb->nh.raw + sizeof(struct iphdr);
  struct ip_options * opt = &(IPCB(skb)->opt);
  int  l = opt->optlen;
  int  optlen;
+ int  optneed = 0;
+ unsigned char * pp_ptr = optptr;

  while (l > 0) {
   switch (*optptr) {
   case IPOPT_END:
-   return;
+   goto end;
   case IPOPT_NOOP:
    l--;
+   if(optptr != pp_ptr)
+    memcpy(pp_ptr, optptr, 1);
    optptr++;
+   pp_ptr++;
    continue;
   }
   optlen = optptr[1];
-  if (optlen<2 || optlen>l)
-    return;
-  if (!IPOPT_COPIED(*optptr))
-   memset(optptr, IPOPT_NOOP, optlen);
+  if (optlen<2 || optlen>l) {
+   if(optptr != pp_ptr)
+    memcpy(pp_ptr, optptr, l);
+   optptr += l;
+   pp_ptr += l;
+   optneed = 1;
+   goto error;
+  }
+  if (IPOPT_COPIED(*optptr)) {
+   if(optptr != pp_ptr)
+    memcpy(pp_ptr, optptr, optlen);
+   pp_ptr += optlen;
+   optneed = 1;
+  }
   l -= optlen;
   optptr += optlen;
  }
+end:
  opt->ts = 0;
  opt->rr = 0;
  opt->rr_needaddr = 0;
  opt->ts_needaddr = 0;
  opt->ts_needtime = 0;
+error:
+ if (pp_ptr != optptr) {
+  if (optneed == 1) {
+   opt->optlen -= optptr - pp_ptr;
+   if (opt->optlen & 0x03) {
+    for (l = 0; l < 4 - (opt->optlen & 0x03); l++)
+     *pp_ptr++ = IPOPT_END;
+    opt->optlen = (opt->optlen + 3) & ~3;
+   }
+  } else {
+   opt->optlen = 0;
+  }
+  skb->nh.iph->ihl = 5 + (opt->optlen >> 2);
+ }
  return;
 }

--- linux-2.6.15.1/net/ipv4/ip_output.c.orig 2006-01-23 08:54:57.516569776 
+0900
+++ linux-2.6.15.1/net/ipv4/ip_output.c 2006-01-23 09:09:13.531435736 +0900
@@ -503,12 +503,19 @@
     frag->h.raw = frag->data;
     frag->nh.raw = __skb_push(frag, hlen);
     memcpy(frag->nh.raw, iph, hlen);
+    offset += skb->len - hlen;
+    if (offset == skb->len - hlen) {
+     ip_options_fragment(frag);
+     len = frag->nh.iph->ihl * 4;
+     if (hlen != len) {
+      memmove(frag->nh.raw, frag->h.raw - len, len);
+      frag->nh.raw = __skb_pull(frag, hlen - len);
+      hlen = len;
+     }
+    }
     iph = frag->nh.iph;
     iph->tot_len = htons(frag->len);
     ip_copy_metadata(frag, skb);
-    if (offset == 0)
-     ip_options_fragment(frag);
-    offset += skb->len - hlen;
     iph->frag_off = htons(offset>>3);
     if (frag->next != NULL)
      iph->frag_off |= htons(IP_MF);
@@ -619,6 +626,7 @@
    */
   iph = skb2->nh.iph;
   iph->frag_off = htons((offset >> 3));
+  iph->tot_len = htons(len + hlen);

   /* ANK: dirty, but effective trick. Upgrade options only if
    * the segment to be fragmented was THE FIRST (otherwise,
@@ -626,8 +634,11 @@
    * on the initial skb, so that all the following fragments
    * will inherit fixed options.
    */
-  if (offset == 0)
+  if (offset == 0) {
    ip_options_fragment(skb);
+   hlen = skb->nh.iph->ihl * 4;
+   mtu = dst_pmtu(&rt->u.dst) - hlen;
+  }

   /*
    * Added AC : If we are fragmenting a fragment that's not the
@@ -644,8 +655,6 @@

   IP_INC_STATS(IPSTATS_MIB_FRAGCREATES);

-  iph->tot_len = htons(len + hlen);
-
   ip_send_check(iph);

   err = output(skb2);

Best Regard
Wei Yongjun

[-- Attachment #2: fix-a-bug-in-ip_options_fragment.patch --]
[-- Type: application/octet-stream, Size: 3402 bytes --]

--- linux-2.6.15.1/net/ipv4/ip_options.c.orig	2006-01-23 08:55:15.045904912 +0900
+++ linux-2.6.15.1/net/ipv4/ip_options.c	2006-01-23 09:04:28.885708464 +0900
@@ -207,33 +207,63 @@
 
 void ip_options_fragment(struct sk_buff * skb) 
 {
-	unsigned char * optptr = skb->nh.raw;
+	unsigned char * optptr = skb->nh.raw + sizeof(struct iphdr);
 	struct ip_options * opt = &(IPCB(skb)->opt);
 	int  l = opt->optlen;
 	int  optlen;
+	int  optneed = 0;
+	unsigned char * pp_ptr = optptr;
 
 	while (l > 0) {
 		switch (*optptr) {
 		case IPOPT_END:
-			return;
+			goto end;
 		case IPOPT_NOOP:
 			l--;
+			if(optptr != pp_ptr)
+				memcpy(pp_ptr, optptr, 1);
 			optptr++;
+			pp_ptr++;
 			continue;
 		}
 		optlen = optptr[1];
-		if (optlen<2 || optlen>l)
-		  return;
-		if (!IPOPT_COPIED(*optptr))
-			memset(optptr, IPOPT_NOOP, optlen);
+		if (optlen<2 || optlen>l) {
+			if(optptr != pp_ptr)
+				memcpy(pp_ptr, optptr, l);
+			optptr += l;
+			pp_ptr += l;
+			optneed = 1;
+			goto error;
+		}
+		if (IPOPT_COPIED(*optptr)) {
+			if(optptr != pp_ptr)
+				memcpy(pp_ptr, optptr, optlen);
+			pp_ptr += optlen;
+			optneed = 1;
+		}
 		l -= optlen;
 		optptr += optlen;
 	}
+end:
 	opt->ts = 0;
 	opt->rr = 0;
 	opt->rr_needaddr = 0;
 	opt->ts_needaddr = 0;
 	opt->ts_needtime = 0;
+error:
+	if (pp_ptr != optptr) {
+		if (optneed == 1) {
+			opt->optlen -= optptr - pp_ptr;
+			if (opt->optlen & 0x03) {
+				for (l = 0; l < 4 - (opt->optlen & 0x03); l++)
+					*pp_ptr++ = IPOPT_END;
+				opt->optlen = (opt->optlen + 3) & ~3;
+			}
+		} else {
+			opt->optlen = 0;
+		}
+		skb->nh.iph->ihl = 5 + (opt->optlen >> 2);
+	}
 	return;
 }
 
--- linux-2.6.15.1/net/ipv4/ip_output.c.orig	2006-01-23 08:54:57.516569776 +0900
+++ linux-2.6.15.1/net/ipv4/ip_output.c	2006-01-23 09:09:13.531435736 +0900
@@ -503,12 +503,19 @@
 				frag->h.raw = frag->data;
 				frag->nh.raw = __skb_push(frag, hlen);
 				memcpy(frag->nh.raw, iph, hlen);
+				offset += skb->len - hlen;
+				if (offset == skb->len - hlen) {
+					ip_options_fragment(frag);
+					len = frag->nh.iph->ihl * 4;
+					if (hlen != len) {
+						memmove(frag->nh.raw, frag->h.raw - len, len);
+						frag->nh.raw = __skb_pull(frag, hlen - len);
+						hlen = len;
+					}
+				}
 				iph = frag->nh.iph;
 				iph->tot_len = htons(frag->len);
 				ip_copy_metadata(frag, skb);
-				if (offset == 0)
-					ip_options_fragment(frag);
-				offset += skb->len - hlen;
 				iph->frag_off = htons(offset>>3);
 				if (frag->next != NULL)
 					iph->frag_off |= htons(IP_MF);
@@ -619,6 +626,7 @@
 		 */
 		iph = skb2->nh.iph;
 		iph->frag_off = htons((offset >> 3));
+		iph->tot_len = htons(len + hlen);
 
 		/* ANK: dirty, but effective trick. Upgrade options only if
 		 * the segment to be fragmented was THE FIRST (otherwise,
@@ -626,8 +634,11 @@
 		 * on the initial skb, so that all the following fragments
 		 * will inherit fixed options.
 		 */
-		if (offset == 0)
+		if (offset == 0) {
 			ip_options_fragment(skb);
+			hlen = skb->nh.iph->ihl * 4;
+			mtu = dst_pmtu(&rt->u.dst) - hlen;
+		}
 
 		/*
 		 *	Added AC : If we are fragmenting a fragment that's not the
@@ -644,8 +655,6 @@
 
 		IP_INC_STATS(IPSTATS_MIB_FRAGCREATES);
 
-		iph->tot_len = htons(len + hlen);
-
 		ip_send_check(iph);
 
 		err = output(skb2);