From: "Yang Huajian(杨华健)" <huajianyang@asrmicro.com>
To: Florian Westphal <fw@strlen.de>
Cc: "pablo@netfilter.org" <pablo@netfilter.org>,
"kadlec@netfilter.org" <kadlec@netfilter.org>,
"razor@blackwall.org" <razor@blackwall.org>,
"idosch@nvidia.com" <idosch@nvidia.com>,
"davem@davemloft.net" <davem@davemloft.net>,
"dsahern@kernel.org" <dsahern@kernel.org>,
"edumazet@google.com" <edumazet@google.com>,
"kuba@kernel.org" <kuba@kernel.org>,
"pabeni@redhat.com" <pabeni@redhat.com>,
"horms@kernel.org" <horms@kernel.org>,
"netfilter-devel@vger.kernel.org"
<netfilter-devel@vger.kernel.org>,
"coreteam@netfilter.org" <coreteam@netfilter.org>,
"bridge@lists.linux.dev" <bridge@lists.linux.dev>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] net: Move specific fragmented packet to slow_path instead of dropping it
Date: Fri, 11 Apr 2025 02:43:35 +0000
Message-ID: <717907fcffc7406191a71297fc07f6b3@exch03.asrmicro.com>
In-Reply-To: <20250410101824.GA6272@breakpoint.cc>
Thank you for your reply!
In an earlier email I wrote:
> Some network devices would not be able to ping large packets under a
> bridge, but large packet ping is successful if NF_CONNTRACK_BRIDGE is not enabled.
If the ping test succeeded without NF_CONNTRACK_BRIDGE, it is because the netdev doesn't need such a large headroom in actual network forwarding.
If the netdev really needs it, the original bridge forwarding will fail too.
Maybe we need to reconfigure our wifi netdev or something else.
So is nf_br_ip_fragment done this way to be consistent with the original bridge forwarding?
There are two very different ideas here:
One is to try to maintain the same treatment as the original bridge, as it is currently.
The other is to try to ensure that the packet is forwarded.
> I would prefer to keep blackhole logic for the mtu tests, i.e.
> 	if (first_len - hlen > mtu)
> 		goto blackhole;
Anyway, this modification is more appropriate.
Because I have just tested by changing the mtu, and goto slowpath cannot forward it either.
Best Regards,
Huajian
-----Original Message-----
From: Florian Westphal [mailto:fw@strlen.de]
Sent: April 10, 2025 18:18
To: Yang Huajian(杨华健) <huajianyang@asrmicro.com>
Cc: pablo@netfilter.org; fw@strlen.de; kadlec@netfilter.org; razor@blackwall.org; idosch@nvidia.com; davem@davemloft.net; dsahern@kernel.org; edumazet@google.com; kuba@kernel.org; pabeni@redhat.com; horms@kernel.org; netfilter-devel@vger.kernel.org; coreteam@netfilter.org; bridge@lists.linux.dev; netdev@vger.kernel.org; linux-kernel@vger.kernel.org
Subject: Re: [PATCH] net: Move specific fragmented packet to slow_path instead of dropping it
Huajian Yang <huajianyang@asrmicro.com> wrote:
> --- a/net/bridge/netfilter/nf_conntrack_bridge.c
> +++ b/net/bridge/netfilter/nf_conntrack_bridge.c
> @@ -61,18 +61,14 @@ static int nf_br_ip_fragment(struct net *net, struct sock *sk,
> struct sk_buff *frag;
>
> if (first_len - hlen > mtu ||
> - skb_headroom(skb) < ll_rs)
> - goto blackhole;
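Review bot: the condition whose exit is removed here tests two unrelated failures, first_len - hlen > mtu and skb_headroom(skb) < ll_rs, and they should not share one new destination. A fragment that exceeds the MTU is still too large whichever path handles it, while a headroom shortfall is the only case the subject line's move to slow_path could be meant to rescue. Suggest keeping "if (first_len - hlen > mtu) goto blackhole;" as its own test, moving only the headroom test, and stating in the commit message which case is being rescued. The quoted hunk ends at the removed lines, so the replacement branch cannot be checked from here.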
I would prefer to keep blackhole logic for the mtu tests, i.e.
	if (first_len - hlen > mtu)
		goto blackhole;
same for the frag->len test in the skb_walk_frags loop.
From what I understood the problem is only because of the lower devices' headroom requirement.
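The two treatments discussed in this thread, as an added user-space C model (not code from the patch or from the kernel): it compares dropping on any failed check with dropping only on the MTU tests and sending headroom shortfalls to the slow path. The struct, the function name classify, the per-fragment headroom rule and all sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model, not kernel code: one entry stands in for one sk_buff. */
struct frag_model {
	unsigned int len;      /* bytes in this buffer (IP header included for the head) */
	unsigned int headroom; /* what skb_headroom() would report */
};

enum verdict { FAST_PATH, SLOW_PATH, BLACKHOLE };

/* Constructed samples: a head buffer plus two frag_list entries. */
static const struct frag_model sample_head = { 1500, 64 };
static const struct frag_model sample_frags[] = { { 1480, 96 }, { 500, 96 } };
static const struct frag_model sample_big[] = { { 1600, 96 }, { 500, 96 } };

/*
 * split == 0: MTU and headroom failures both drop, as in the combined test.
 * split == 1: MTU failures still drop; a headroom shortfall goes to the
 *             slow path (the reviewer's suggestion).
 * Modelling choice: every MTU test is evaluated before the verdict is final.
 */
static enum verdict classify(const struct frag_model *head,
			     const struct frag_model *frags, size_t n,
			     unsigned int hlen, unsigned int mtu,
			     unsigned int ll_rs, int split)
{
	enum verdict short_room = split ? SLOW_PATH : BLACKHOLE;
	enum verdict v = FAST_PATH;
	size_t i;

	if (head->len - hlen > mtu)
		return BLACKHOLE;
	if (head->headroom < ll_rs)
		v = short_room;
	for (i = 0; i < n; i++) {
		if (frags[i].len > mtu)
			return BLACKHOLE;
		/* assumed per-fragment headroom need: IP header + link layer */
		if (frags[i].headroom < hlen + ll_rs)
			v = short_room;
	}
	return v;
}

int main(void)
{
	/* ll_rs = 80 models a lower device wanting more headroom than the buffers have */
	printf("combined=%d split=%d oversized=%d\n",
	       classify(&sample_head, sample_frags, 2, 20, 1480, 80, 0),
	       classify(&sample_head, sample_frags, 2, 20, 1480, 80, 1),
	       classify(&sample_head, sample_big, 2, 20, 1480, 80, 1));
	return 0;
}
```

In this model the oversized sample is dropped under both policies, which matches the report above that going to the slow path did not help once the MTU was changed.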