[PATCH] ipv6: Fix ip6_xmit to send fragments if ipfragok is true

[PATCH] ipv6: Fix ip6_xmit to send fragments if ipfragok is true

[Wei Yongjun]

SCTP used ip6_xmit() to send fragments after received ICMP packet too
big message. But while send packet used ip6_xmit, the skb->local_df is
not initialized. So when skb if enter ip6_fragment
<../cgi-bin/global.cgi?pattern=ip6_fragment&type=reference>(), the following
code will discard the skb.

ip6_fragment(...)
{
    if (!skb->local_df) {
        ...
        return -EMSGSIZE;
    }
    ...
}


SCTP do the following step:
1. send packet ip6_xmit(skb, ipfragok=0)
2. received ICMP packet too big message
3. if PMTUD_ENABLE: ip6_xmit(skb, ipfragok=1)

This bug come from patch (b5c15fc004ac83b7ad280acbe0fd4bbed7e2c8d4)
[IPV6]: Fix reversed local_df test in ip6_fragment
which commit by Herbert Xu.

This patch fixed the problem.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
---
 net/ipv6/ip6_output.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 6407c64..a678c71 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -236,6 +236,10 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
 	skb_reset_network_header(skb);
 	hdr = ipv6_hdr(skb);
 
+	/* Allow local fragmentation. */
+	if (np && np->pmtudisc < IPV6_PMTUDISC_DO)
+		skb->local_df = 1;
+
 	/*
 	 *	Fill in the IPv6 header
 	 */

Re: [PATCH] ipv6: Fix ip6_xmit to send fragments if ipfragok is true

[Herbert Xu]

On Thu, Jul 31, 2008 at 01:55:57PM +0800, Wei Yongjun wrote:
> SCTP used ip6_xmit() to send fragments after received ICMP packet too
> big message. But while send packet used ip6_xmit, the skb->local_df is
> not initialized. So when skb if enter ip6_fragment
> <../cgi-bin/global.cgi?pattern=ip6_fragment&type=reference>(), the following
> code will discard the skb.

That sounds broken.  ip6_xmit is for TCP-like protocols that
perform PMTU-discovery.  Therefore it should never fragment
locally.

So either SCTP needs to do the same, or it should switch to
something other than ip6_xmit.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] ipv6: Fix ip6_xmit to send fragments if ipfragok is true

[Wei Yongjun]

Herbert Xu wrote:
> On Thu, Jul 31, 2008 at 01:55:57PM +0800, Wei Yongjun wrote:
>   
>> SCTP used ip6_xmit() to send fragments after received ICMP packet too
>> big message. But while send packet used ip6_xmit, the skb->local_df is
>> not initialized. So when skb if enter ip6_fragment
>> <../cgi-bin/global.cgi?pattern=ip6_fragment&type=reference>(), the following
>> code will discard the skb.
>>     
>
> That sounds broken.  ip6_xmit is for TCP-like protocols that
> perform PMTU-discovery.  Therefore it should never fragment
> locally.
>
> So either SCTP needs to do the same, or it should switch to
> something other than ip6_xmit.
>   

So what does the ipfragok paramater means?
TCP used  ip6_xmit always set ipfragok = 0. But if ipfragok=1, what will 
happend?

If ipfragok = 0, and skb->len > mtu, ip6_xmit will discard the skb.

If ipfragok=1, ip6_xmit will pass skb to ip6_output() and send skb used 
ip6_fragment(), but skb will be discard since local_df is 0, it seems 
that ipfragok has no effect.

skb->local_df is set to 1 if np->pmtudisc < IPV6_PMTUDISC_DO in other 
place, so I think it may also set to 1 if np->pmtudisc < 
IPV6_PMTUDISC_DO, and send the skb used ip6_fragment(). Is this correct?

As I know, if I send skb in IPv4 used ip_queue_xmit(ipfragok=1), skb 
will be send in fragments if len > mtu.

int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
              struct ipv6_txoptions *opt, int ipfragok)
{
        ...
        mtu = dst_mtu(dst);
        if ((skb->len <= mtu) || ipfragok || skb_is_gso(skb)) {
                IP6_INC_STATS(ip6_dst_idev(skb->dst),
                              IPSTATS_MIB_OUTREQUESTS);
                return NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
                                dst_output);
        }

        if (net_ratelimit())
                printk(KERN_DEBUG "IPv6: sending pkt_too_big to self\n");
        ...
}

int ip6_output(struct sk_buff *skb)
{
        if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
                                dst_allfrag(skb->dst))
                return ip6_fragment(skb, ip6_output2);
        else
                return ip6_output2(skb);
}

Re: [PATCH] ipv6: Fix ip6_xmit to send fragments if ipfragok is true

[Herbert Xu]

On Thu, Jul 31, 2008 at 05:11:56PM +0800, Wei Yongjun wrote:
>
> So what does the ipfragok paramater means?
> TCP used  ip6_xmit always set ipfragok = 0. But if ipfragok=1, what will 
> happend?

OK it's already been butchered for SCTP :)

In that case you should set local_df iff ipfragok is true.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[PATCHv2] ipv6: Fix ip6_xmit to send fragments if ipfragok is true

[Wei Yongjun]

SCTP used ip6_xmit() to send fragments after received ICMP packet too
big message. But while send packet used ip6_xmit, the skb->local_df is
not initialized. So when skb if enter ip6_fragment(), the following
code will discard the skb.

ip6_fragment(...)
{
    if (!skb->local_df) {
        ...
        return -EMSGSIZE;
    }
    ...
}

SCTP do the following step:
1. send packet ip6_xmit(skb, ipfragok=0)
2. received ICMP packet too big message
3. if PMTUD_ENABLE: ip6_xmit(skb, ipfragok=1)

This patch fixed the problem by set local_df if ipfragok is true.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
---
 net/ipv6/ip6_output.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 6407c64..0969f2a 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -236,6 +236,10 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
 	skb_reset_network_header(skb);
 	hdr = ipv6_hdr(skb);
 
+	/* Allow local fragmentation. */
+	if (ipfragok)
+		skb->local_df = 1;
+
 	/*
 	 *	Fill in the IPv6 header
 	 */
-- 
1.5.3.8

Re: [PATCHv2] ipv6: Fix ip6_xmit to send fragments if ipfragok is true

[Herbert Xu]

On Thu, Jul 31, 2008 at 05:55:29PM +0800, Wei Yongjun wrote:
> SCTP used ip6_xmit() to send fragments after received ICMP packet too
> big message. But while send packet used ip6_xmit, the skb->local_df is
> not initialized. So when skb if enter ip6_fragment(), the following
> code will discard the skb.
> 
> ip6_fragment(...)
> {
>    if (!skb->local_df) {
>        ...
>        return -EMSGSIZE;
>    }
>    ...
> }
> 
> SCTP do the following step:
> 1. send packet ip6_xmit(skb, ipfragok=0)
> 2. received ICMP packet too big message
> 3. if PMTUD_ENABLE: ip6_xmit(skb, ipfragok=1)
> 
> This patch fixed the problem by set local_df if ipfragok is true.
> 
> Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>

Acked-by: Herbert Xu <herbert@gondor.apana.org.au>

Thanks,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCHv2] ipv6: Fix ip6_xmit to send fragments if ipfragok is true

[David Miller]

From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Thu, 31 Jul 2008 18:41:50 +0800

> On Thu, Jul 31, 2008 at 05:55:29PM +0800, Wei Yongjun wrote:
> > SCTP used ip6_xmit() to send fragments after received ICMP packet too
> > big message. But while send packet used ip6_xmit, the skb->local_df is
> > not initialized. So when skb if enter ip6_fragment(), the following
> > code will discard the skb.
> > 
> > ip6_fragment(...)
> > {
> >    if (!skb->local_df) {
> >        ...
> >        return -EMSGSIZE;
> >    }
> >    ...
> > }
> > 
> > SCTP do the following step:
> > 1. send packet ip6_xmit(skb, ipfragok=0)
> > 2. received ICMP packet too big message
> > 3. if PMTUD_ENABLE: ip6_xmit(skb, ipfragok=1)
> > 
> > This patch fixed the problem by set local_df if ipfragok is true.
> > 
> > Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
> 
> Acked-by: Herbert Xu <herbert@gondor.apana.org.au>

Applied, and I'll queue this up for -stable.

Thanks everyone.