[RFC PATCH 3/3] xfrm4: Invalidate all ipv4 routes on IPsec pmtu events

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Steffen Klassert <steffen.klassert@secunet.com>
To: "Yurij M. Plotnikov" <Yurij.Plotnikov@oktetlabs.ru>
Cc: Ben Hutchings <bhutchings@solarflare.com>,
	netdev@vger.kernel.org,
	"Alexandra N. Kossovsky" <Alexandra.Kossovsky@oktetlabs.ru>
Subject: [RFC PATCH 3/3] xfrm4: Invalidate all ipv4 routes on IPsec pmtu events
Date: Fri, 18 Jan 2013 09:16:01 +0100	[thread overview]
Message-ID: <20130118081601.GE24987@secunet.com> (raw)
In-Reply-To: <20130118081145.GB24987@secunet.com>

On IPsec pmtu events we can't access the transport headers of
the original packet, so we can't find the socket that sent
the packet. The only chance to notify the socket about the
pmtu change is to force a relookup for all routes. This
patch implenents this for the IPsec protocols.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/ipv4/ah4.c    |    7 +++++--
 net/ipv4/esp4.c   |    7 +++++--
 net/ipv4/ipcomp.c |    7 +++++--
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index a0d8392..612ecc9 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -413,9 +413,12 @@ static void ah4_err(struct sk_buff *skb, u32 info)
 	if (!x)
 		return;
 
-	if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
+	if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) {
+		atomic_inc(&flow_cache_genid);
+		rt_genid_bump(net);
+
 		ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_AH, 0);
-	else
+	} else
 		ipv4_redirect(skb, net, 0, 0, IPPROTO_AH, 0);
 	xfrm_state_put(x);
 }
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index b61e9de..2d32ae5 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -499,9 +499,12 @@ static void esp4_err(struct sk_buff *skb, u32 info)
 	if (!x)
 		return;
 
-	if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
+	if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) {
+		atomic_inc(&flow_cache_genid);
+		rt_genid_bump(net);
+
 		ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_ESP, 0);
-	else
+	} else
 		ipv4_redirect(skb, net, 0, 0, IPPROTO_ESP, 0);
 	xfrm_state_put(x);
 }
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
index d3ab47e..9a46dae 100644
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -47,9 +47,12 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info)
 	if (!x)
 		return;
 
-	if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
+	if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) {
+		atomic_inc(&flow_cache_genid);
+		rt_genid_bump(net);
+
 		ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_COMP, 0);
-	else
+	} else
 		ipv4_redirect(skb, net, 0, 0, IPPROTO_COMP, 0);
 	xfrm_state_put(x);
 }
-- 
1.7.9.5

next prev parent reply	other threads:[~2013-01-18  8:16 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-12-19 13:10 PMTU discovery is broken on kernel 3.7.1 for UDP sockets Yurij M. Plotnikov
2012-12-19 13:35 ` Ben Hutchings
2012-12-19 14:27   ` Yurij M. Plotnikov
2012-12-19 19:37     ` Ben Hutchings
2012-12-20  7:14       ` Yurij M. Plotnikov
2012-12-20  7:34       ` Steffen Klassert
2012-12-20 11:22         ` Yurij M. Plotnikov
2012-12-20 12:35           ` Steffen Klassert
2012-12-21 10:22             ` Steffen Klassert
2013-01-14  8:26               ` Yurij M. Plotnikov
2013-01-14 12:52                 ` Steffen Klassert
2013-01-18  8:11                 ` Steffen Klassert
2013-01-18  8:14                   ` [RFC PATCH 1/3] ipv4: Invalidate the socket cached route on pmtu events if possible Steffen Klassert
2013-01-18 19:38                     ` David Miller
2013-01-19  0:54                     ` Julian Anastasov
2013-01-21  6:43                       ` Steffen Klassert
2013-01-18  8:15                   ` [RFC PATCH 2/3] ipv4: Add a socket release callback for datagram sockets Steffen Klassert
2013-01-18 19:39                     ` David Miller
2013-01-18  8:16                   ` Steffen Klassert [this message]
2013-01-18 19:39                     ` [RFC PATCH 3/3] xfrm4: Invalidate all ipv4 routes on IPsec pmtu events David Miller
2013-01-21  6:48                       ` Steffen Klassert
2013-01-21 12:04                       ` Steffen Klassert
2013-01-21 11:31                   ` PMTU discovery is broken on kernel 3.7.1 for UDP sockets Yurij M. Plotnikov
2013-01-21 11:38                     ` Steffen Klassert

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a0d8392 dfblob:612ecc9 dfblob:b61e9de dfblob:2d32ae5
dfblob:d3ab47e dfblob:9a46dae )
 OR (
bs:"[RFC PATCH 3/3] xfrm4: Invalidate all ipv4 routes on IPsec pmtu events" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130118081601.GE24987@secunet.com \
    --to=steffen.klassert@secunet.com \
    --cc=Alexandra.Kossovsky@oktetlabs.ru \
    --cc=Yurij.Plotnikov@oktetlabs.ru \
    --cc=bhutchings@solarflare.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).