From: Jakub Kicinski <kuba@kernel.org>
To: alice.kernel@fastmail.im
Cc: Jakub Kicinski <kuba@kernel.org>,
daniel@iogearbox.net, davem@davemloft.net, edumazet@google.com,
pabeni@redhat.com, lucien.xin@gmail.com,
willemdebruijn.kernel@gmail.com, willemb@google.com,
dsahern@kernel.org, razor@blackwall.org, shuah@kernel.org,
stfomichev@gmail.com, andrew+netdev@lunn.ch, horms@kernel.org,
fw@strlen.de, netdev@vger.kernel.org, alice@isovalent.com
Subject: Re: [PATCH net-next v6 05/11] udp: Support gro_ipv4_max_size > 65536
Date: Thu, 4 Jun 2026 19:37:11 -0700
Message-ID: <20260605023712.3627277-1-kuba@kernel.org>
In-Reply-To: <20260602093931.516281-6-alice.kernel@fastmail.im>

This is an AI-generated review of your patch. The human sending this
email has considered the AI review valid, or at least plausible.
---
udp: Support gro_ipv4_max_size > 65536

This commit allows GRO to aggregate UDP packets larger than 65535 bytes
by writing 0 to the UDP header length field (via udp_set_len()) and
restoring the real length from skb->len in udp_rcv().

> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
> index 3e92575f1d55..856c23b9d6dd 100644
> --- a/net/ipv4/udp.c
> +++ b/net/ipv4/udp.c
> @@ -2605,6 +2605,9 @@ int udp_rcv(struct sk_buff *skb)
> if (ulen > skb->len)
> goto short_packet;
>
> + if (!ulen)
> + ulen = skb->len;
> +
> if (ulen < sizeof(*uh))
> goto short_packet;
>
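
Review bot: the `if (!ulen)` fallback added to udp_rcv() is unconditional, so any received datagram whose header carries length 0 now has its length taken from skb->len instead of failing the `ulen < sizeof(*uh)` check that follows. Consider limiting the fallback to the case the commit message describes, for example only when skb->len is above 65535, and add a comment saying that 0 is the marker written by udp_set_len().
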
> diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c
> index 96987b1c05cd..f7da760f046f 100644
> --- a/net/ipv4/udp_offload.c
> +++ b/net/ipv4/udp_offload.c
> @@ -919,7 +919,7 @@ int udp_gro_complete(struct sk_buff *skb, int nhoff,
> struct sock *sk;
> int err;
>
> - udp_set_len_short(uh, newlen);
> + udp_set_len(uh, newlen);

[High]
After this change, udp_gro_complete() may write uh->len = 0 when the
aggregated packet is >= GRO_LEGACY_MAX_SIZE (65536). How does this
interact with conntrack on the receive path?

Looking at udp_validate_len() in net/netfilter/nf_conntrack_proto_udp.c
at this commit:

    static bool udp_validate_len(...)
    {
            unsigned int udplen = udp_get_len_short(hdr);
            ...
            if (udplen > skblen || udplen < sizeof(*hdr))
                    return false;
            ...
    }

For a super-packet where uh->len has been zeroed, udp_get_len_short()
returns 0, which is less than sizeof(*hdr), so udp_validate_len() returns
false. udp_error() then logs "truncated/malformed packet" and
nf_conntrack_udp_packet() returns -NF_ACCEPT, leaving the flow untracked.

The deployment this patch enables (gro_ipv4_max_size > 65536 with VXLAN
or Geneve TCP-in-UDP and conntrack) is the very example given in the
commit message. Should this patch also update udp_validate_len() (or
otherwise account for the zeroed length) so that conntrack does not drop
out of the state machine for super-packets, breaking NAT and stateful
firewalling?

The follow-up patch in this series, "udp: Support BIG TCP GSO packets
where they can occur" (b73c2d663201), updates udp_validate_len() to
accept udplen == 0 when skblen >= GRO_LEGACY_MAX_SIZE, but until that
patch is applied this commit on its own appears to regress conntrack for
the configurations it is intended to support.

> sk = INDIRECT_CALL_INET(lookup, udp6_lib_lookup_skb,
> udp4_lib_lookup_skb, skb, uh->source, uh->dest);
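
Review bot: at the udp_set_len() call in udp_gro_complete(), nothing at the call site says that uh->len can now be stored as 0 for an aggregate that no longer fits the 16-bit field. A short comment here stating that 0 is a marker and that the real length must then be taken from skb->len would help anyone auditing the later readers of the field, such as the udp_rcv() change in this same patch.
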
[ ... ]
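
A userspace model of the length check this review describes, added here as an example (it is not kernel code and not part of the patch series). The function names are hypothetical, 8 stands in for sizeof(*hdr), and the second function encodes only the condition the review attributes to the follow-up patch.

```c
/* Userspace model of the UDP length check discussed above; not kernel code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define GRO_LEGACY_MAX_SIZE 65536u /* value given in the review */
#define UDP_HDR_LEN 8u             /* stands in for sizeof(*hdr) */

/* Check as quoted in the review: the header length is taken at face value. */
static bool model_validate_len_short(uint16_t hdr_len, unsigned int skblen)
{
	unsigned int udplen = hdr_len;

	if (udplen > skblen || udplen < UDP_HDR_LEN)
		return false;
	return true;
}

/* Condition the review attributes to the follow-up patch: udplen == 0 is
 * accepted only when skblen >= GRO_LEGACY_MAX_SIZE. */
static bool model_validate_len_big(uint16_t hdr_len, unsigned int skblen)
{
	unsigned int udplen = hdr_len;

	if (udplen == 0 && skblen >= GRO_LEGACY_MAX_SIZE)
		return true;
	if (udplen > skblen || udplen < UDP_HDR_LEN)
		return false;
	return true;
}

int main(void)
{
	/* Constructed cases: stored uh->len, bytes from the UDP header onward. */
	struct { uint16_t hdr_len; unsigned int skblen; const char *what; } c[] = {
		{ 1408, 1408,   "ordinary datagram" },
		{ 0,    131072, "GRO super-packet, length zeroed" },
		{ 0,    1408,   "zero length, small skb" },
		{ 2000, 1408,   "header claims more than skb holds" },
	};

	for (unsigned int i = 0; i < sizeof(c) / sizeof(c[0]); i++)
		printf("%-36s short=%d big=%d\n", c[i].what,
		       model_validate_len_short(c[i].hdr_len, c[i].skblen),
		       model_validate_len_big(c[i].hdr_len, c[i].skblen));
	return 0;
}
```

The second row is the regression the review points at: the zeroed super-packet is rejected by the first check and accepted by the second, while a zero length on a small skb is rejected by both.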
Thread overview: 13+ messages
2026-06-02 9:39 [PATCH net-next v6 00/11] BIG TCP for UDP tunnels Alice Mikityanska
2026-06-02 9:39 ` [PATCH net-next v6 01/11] net/sched: act_csum: don't mangle UDP tunnel GSO packets Alice Mikityanska
2026-06-02 9:39 ` [PATCH net-next v6 02/11] geneve: Fix off-by-one comparing with GRO_LEGACY_MAX_SIZE Alice Mikityanska
2026-06-02 9:39 ` [PATCH net-next v6 03/11] net: Use helpers to get/set UDP len tree-wide Alice Mikityanska
2026-06-02 9:39 ` [PATCH net-next v6 04/11] net: Enable BIG TCP with partial GSO Alice Mikityanska
2026-06-02 9:39 ` [PATCH net-next v6 05/11] udp: Support gro_ipv4_max_size > 65536 Alice Mikityanska
2026-06-05 2:37 ` Jakub Kicinski [this message]
2026-06-02 9:39 ` [PATCH net-next v6 06/11] udp: Support BIG TCP GSO packets where they can occur Alice Mikityanska
2026-06-02 9:39 ` [PATCH net-next v6 07/11] udp: Validate UDP length in udp_gro_receive Alice Mikityanska
2026-06-02 9:39 ` [PATCH net-next v6 08/11] udp: Set length in UDP header to 0 for big GSO packets Alice Mikityanska
2026-06-02 9:39 ` [PATCH net-next v6 09/11] vxlan: Enable BIG TCP packets Alice Mikityanska
2026-06-02 9:39 ` [PATCH net-next v6 10/11] geneve: " Alice Mikityanska
2026-06-02 9:39 ` [PATCH net-next v6 11/11] selftests: net: Add a test for BIG TCP in UDP tunnels Alice Mikityanska