From: Konstantin Shemyak <konstantin@shemyak.com>
To: David Miller <davem@davemloft.net>, hannes@stressinduktion.org
Cc: netdev@vger.kernel.org, pshelar@nicira.com
Subject: Re: IPv4 tunnels: why IP-IP and SIT enforce DF bit, but GRE does not?
Date: Sat, 5 Dec 2015 17:24:39 +0200 [thread overview]
Message-ID: <566301B7.3050506@shemyak.com> (raw)
In-Reply-To: <20151201.120851.2159228528635979581.davem@davemloft.net>
[-- Attachment #1: Type: text/plain, Size: 663 bytes --]
On 01.12.2015 19:08, David Miller wrote:
> From: Hannes Frederic Sowa <hannes@stressinduktion.org>
> Date: Tue, 01 Dec 2015 14:30:55 +0100
>
>> On Tue, Dec 1, 2015, at 14:20, Konstantin Shemyak wrote:
>>> My point was not to question its feasibility, but to make it similar
>>> across GRE, IP-IP and SIT tunnels.
>>
>> I would send a patch to add it again if Parvin didn't have good reasons
>> to remove it.
>
> The tunnel code consolidation created a lot of regressions and subtle
> unintended changes in behavior between the different tunnel types.
>
> This DF bit issue is just yet another example of that.
The patch is rather trivial; attached.
Konstantin.
[-- Attachment #2: 0001-Set-DF-bit-to-GRE-tunnels-with-fixed-TTL-similarly-t.patch --]
[-- Type: text/x-patch, Size: 951 bytes --]
>From b8a901a0d970907a2dc162744536b1ef07e5d45a Mon Sep 17 00:00:00 2001
From: Konstantin Shemyak <konstantin@shemyak.com>
Date: Sat, 5 Dec 2015 17:15:55 +0200
Subject: [PATCH] Set DF bit to GRE tunnels with fixed TTL, similarly to IP-IP
and SIT
The DF bit on IPv4 tunnels with fixed TTL is enforced in order to
prevent networking loops. This was the original behavior of GRE
tunnels, lost in the refactoring.
---
net/ipv4/ip_gre.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 6145214..485bf27 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -679,6 +679,10 @@ static int ipgre_tunnel_ioctl(struct net_device *dev,
((p.i_flags|p.o_flags)&(GRE_VERSION|GRE_ROUTING)))
return -EINVAL;
}
+
+ if (p.iph.ttl)
+ p.iph.frag_off |= htons(IP_DF);
+
p.i_flags = gre_flags_to_tnl_flags(p.i_flags);
p.o_flags = gre_flags_to_tnl_flags(p.o_flags);
--
1.9.1
next prev parent reply other threads:[~2015-12-05 15:24 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-26 18:28 IPv4 tunnels: why IP-IP and SIT enforce DF bit, but GRE does not? Konstantin Shemyak
2015-12-01 10:15 ` Hannes Frederic Sowa
2015-12-01 13:20 ` Konstantin Shemyak
2015-12-01 13:30 ` Hannes Frederic Sowa
2015-12-01 17:08 ` David Miller
2015-12-05 15:24 ` Konstantin Shemyak [this message]
2015-12-05 18:07 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=566301B7.3050506@shemyak.com \
--to=konstantin@shemyak.com \
--cc=davem@davemloft.net \
--cc=hannes@stressinduktion.org \
--cc=netdev@vger.kernel.org \
--cc=pshelar@nicira.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).