[PATCH 02/11] vti: fix ipv4 pmtu check to honor ip header df

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Steffen Klassert <steffen.klassert@secunet.com>
To: David Miller <davem@davemloft.net>, Jakub Kicinski <kuba@kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
	Steffen Klassert <steffen.klassert@secunet.com>,
	<netdev@vger.kernel.org>
Subject: [PATCH 02/11] vti: fix ipv4 pmtu check to honor ip header df
Date: Wed, 31 Mar 2021 10:18:38 +0200	[thread overview]
Message-ID: <20210331081847.3547641-3-steffen.klassert@secunet.com> (raw)
In-Reply-To: <20210331081847.3547641-1-steffen.klassert@secunet.com>

From: Eyal Birger <eyal.birger@gmail.com>

Frag needed should only be sent if the header enables DF.

This fix allows packets larger than MTU to pass the vti interface
and be fragmented after encapsulation, aligning behavior with
non-vti xfrm.

Fixes: d6af1a31cc72 ("vti: Add pmtu handling to vti_xmit.")
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/ipv4/ip_vti.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index abc171e79d3e..613741384490 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -218,7 +218,7 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
 	}
 
 	if (dst->flags & DST_XFRM_QUEUE)
-		goto queued;
+		goto xmit;
 
 	if (!vti_state_check(dst->xfrm, parms->iph.daddr, parms->iph.saddr)) {
 		dev->stats.tx_carrier_errors++;
@@ -238,6 +238,8 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
 	if (skb->len > mtu) {
 		skb_dst_update_pmtu_no_confirm(skb, mtu);
 		if (skb->protocol == htons(ETH_P_IP)) {
+			if (!(ip_hdr(skb)->frag_off & htons(IP_DF)))
+				goto xmit;
 			icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
 				  htonl(mtu));
 		} else {
@@ -251,7 +253,7 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
 		goto tx_error;
 	}
 
-queued:
+xmit:
 	skb_scrub_packet(skb, !net_eq(tunnel->net, dev_net(dev)));
 	skb_dst_set(skb, dst);
 	skb->dev = skb_dst(skb)->dev;
-- 
2.25.1

next prev parent reply	other threads:[~2021-03-31  8:19 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-31  8:18 pull request (net): ipsec 2021-03-31 Steffen Klassert
2021-03-31  8:18 ` [PATCH 01/11] xfrm: interface: fix ipv4 pmtu check to honor ip header df Steffen Klassert
2021-03-31 22:00   ` patchwork-bot+netdevbpf
2021-03-31  8:18 ` Steffen Klassert [this message]
2021-03-31  8:18 ` [PATCH 03/11] vti6: " Steffen Klassert
2021-03-31  8:18 ` [PATCH 04/11] xfrm: Use actual socket sk instead of skb socket for xfrm_output_resume Steffen Klassert
2021-03-31  8:18 ` [PATCH 05/11] net: xfrm: Localize sequence counter per network namespace Steffen Klassert
2021-03-31  8:18 ` [PATCH 06/11] net: xfrm: Use sequence counter with associated spinlock Steffen Klassert
2021-03-31  8:18 ` [PATCH 07/11] esp: delete NETIF_F_SCTP_CRC bit from features for esp offload Steffen Klassert
2021-03-31  8:18 ` [PATCH 08/11] xfrm: BEET mode doesn't support fragments for inner packets Steffen Klassert
2021-03-31  8:18 ` [PATCH 09/11] xfrm: Fix NULL pointer dereference on policy lookup Steffen Klassert
2021-03-31  8:18 ` [PATCH 10/11] xfrm: Provide private skb extensions for segmented and hw offloaded ESP packets Steffen Klassert
2021-03-31  8:18 ` [PATCH 11/11] xfrm/compat: Cleanup WARN()s that can be user-triggered Steffen Klassert
2021-03-31 22:00 ` pull request (net): ipsec 2021-03-31 patchwork-bot+netdevbpf

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:abc171e79d3 dfblob:61374138449 )
 OR (
bs:"[PATCH 02/11] vti: fix ipv4 pmtu check to honor ip header df" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210331081847.3547641-3-steffen.klassert@secunet.com \
    --to=steffen.klassert@secunet.com \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).