[PATCH 02/19] Cleaning up the IPv6 MTU checking in the IPVS xmit code, by using a common helper function __mtu_check_toobig_v6().

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: pablo@netfilter.org
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH 02/19] Cleaning up the IPv6 MTU checking in the IPVS xmit code, by using a common helper function __mtu_check_toobig_v6().
Date: Tue, 28 Aug 2012 23:48:42 +0200	[thread overview]
Message-ID: <1346190539-9963-3-git-send-email-kaber@trash.net> (raw)
In-Reply-To: <1346190539-9963-1-git-send-email-kaber@trash.net>

From: Jesper Dangaard Brouer <brouer@redhat.com>

The MTU check for tunnel mode can also use this helper as
ntohs(old_iph->payload_len) + sizeof(struct ipv6hdr) is qual to
skb->len.  And the 'mtu' variable have been adjusted before
calling helper.

Notice, this also fixes a bug, as the the MTU check in ip_vs_dr_xmit_v6()
were missing a check for skb_is_gso().

This bug e.g. caused issues for KVM IPVS setups, where different
Segmentation Offloading techniques are utilized, between guests,
via the virtio driver.  This resulted in very bad performance,
due to the ICMPv6 "too big" messages didn't affect the sender.

Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
 net/netfilter/ipvs/ip_vs_xmit.c |   21 +++++++++++++++------
 1 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 543a554..67a3978 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -85,6 +85,15 @@ __ip_vs_dst_check(struct ip_vs_dest *dest, u32 rtos)
 	return dst;
 }
 
+static inline bool
+__mtu_check_toobig_v6(const struct sk_buff *skb, u32 mtu)
+{
+	if (skb->len > mtu && !skb_is_gso(skb)) {
+		return true; /* Packet size violate MTU size */
+	}
+	return false;
+}
+
 /* Get route to daddr, update *saddr, optionally bind route to saddr */
 static struct rtable *do_output_route4(struct net *net, __be32 daddr,
 				       u32 rtos, int rt_mode, __be32 *saddr)
@@ -491,7 +500,7 @@ ip_vs_bypass_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
 
 	/* MTU checking */
 	mtu = dst_mtu(&rt->dst);
-	if (skb->len > mtu && !skb_is_gso(skb)) {
+	if (__mtu_check_toobig_v6(skb, mtu)) {
 		if (!skb->dev) {
 			struct net *net = dev_net(skb_dst(skb)->dev);
 
@@ -712,7 +721,7 @@ ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
 
 	/* MTU checking */
 	mtu = dst_mtu(&rt->dst);
-	if (skb->len > mtu && !skb_is_gso(skb)) {
+	if (__mtu_check_toobig_v6(skb, mtu)) {
 		if (!skb->dev) {
 			struct net *net = dev_net(skb_dst(skb)->dev);
 
@@ -946,8 +955,8 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
 	if (skb_dst(skb))
 		skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu);
 
-	if (mtu < ntohs(old_iph->payload_len) + sizeof(struct ipv6hdr) &&
-	    !skb_is_gso(skb)) {
+	/* MTU checking: Notice that 'mtu' have been adjusted before hand */
+	if (__mtu_check_toobig_v6(skb, mtu)) {
 		if (!skb->dev) {
 			struct net *net = dev_net(skb_dst(skb)->dev);
 
@@ -1113,7 +1122,7 @@ ip_vs_dr_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
 
 	/* MTU checking */
 	mtu = dst_mtu(&rt->dst);
-	if (skb->len > mtu) {
+	if (__mtu_check_toobig_v6(skb, mtu)) {
 		if (!skb->dev) {
 			struct net *net = dev_net(skb_dst(skb)->dev);
 
@@ -1349,7 +1358,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
 
 	/* MTU checking */
 	mtu = dst_mtu(&rt->dst);
-	if (skb->len > mtu && !skb_is_gso(skb)) {
+	if (__mtu_check_toobig_v6(skb, mtu)) {
 		if (!skb->dev) {
 			struct net *net = dev_net(skb_dst(skb)->dev);
 
-- 
1.7.1

next prev parent reply	other threads:[~2012-08-28 21:49 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-08-28 21:48 [PATCH 00/19] netfilter: IPv6 NAT Patrick McHardy
2012-08-28 21:48 ` [PATCH 01/19] ipv4: fix path MTU discovery with connection tracking Patrick McHardy
2012-08-28 21:48 ` Patrick McHardy [this message]
2012-08-29  8:02   ` [PATCH 02/19] Cleaning up the IPv6 MTU checking in the IPVS xmit code, by using a common helper function __mtu_check_toobig_v6() Jesper Dangaard Brouer
2012-08-29 12:24     ` Patrick McHardy
2012-08-30  1:01       ` Pablo Neira Ayuso
2012-08-28 21:48 ` [PATCH 03/19] netfilter: nf_conntrack_ipv6: improve fragmentation handling Patrick McHardy
2012-08-29  8:21   ` Jesper Dangaard Brouer
2012-08-29 12:27     ` Patrick McHardy
2012-08-30  3:06       ` Pablo Neira Ayuso
2012-08-30  6:54         ` Patrick McHardy
2012-08-28 21:48 ` [PATCH 04/19] netfilter: nf_conntrack_ipv6: fix tracking of ICMPv6 error messages containing fragments Patrick McHardy
2012-08-28 21:48 ` [PATCH 05/19] netfilter: nf_conntrack: restrict NAT helper invocation to IPv4 Patrick McHardy
2012-08-28 21:48 ` [PATCH 06/19] netfilter: nf_nat: add protoff argument to packet mangling functions Patrick McHardy
2012-08-28 21:48 ` [PATCH 07/19] netfilter: add protocol independent NAT core Patrick McHardy
2012-08-28 21:48 ` [PATCH 08/19] netfilter: ipv6: expand skb head in ip6_route_me_harder after oif change Patrick McHardy
2012-08-28 21:48 ` [PATCH 09/19] net: core: add function for incremental IPv6 pseudo header checksum updates Patrick McHardy
2012-08-28 21:48 ` [PATCH 10/19] netfilter: ipv6: add IPv6 NAT support Patrick McHardy
2012-08-28 21:48 ` [PATCH 11/19] netfilter: ip6tables: add MASQUERADE target Patrick McHardy
2012-08-28 21:48 ` [PATCH 12/19] netfilter: ip6tables: add REDIRECT target Patrick McHardy
2012-08-28 21:48 ` [PATCH 13/19] netfilter: ip6tables: add NETMAP target Patrick McHardy
2012-08-28 21:48 ` [PATCH 14/19] netfilter: nf_nat: support IPv6 in FTP NAT helper Patrick McHardy
2012-08-28 21:48 ` [PATCH 15/19] netfilter: nf_nat: support IPv6 in amanda " Patrick McHardy
2012-08-28 21:48 ` [PATCH 16/19] netfilter: nf_nat: support IPv6 in SIP " Patrick McHardy
2012-08-28 21:48 ` [PATCH 17/19] netfilter: nf_nat: support IPv6 in IRC " Patrick McHardy
2012-08-28 21:48 ` [PATCH 18/19] netfilter: nf_nat: support IPv6 in TFTP " Patrick McHardy
2012-08-28 21:48 ` [PATCH 19/19] netfilter: ip6tables: add stateless IPv6-to-IPv6 Network Prefix Translation target Patrick McHardy

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:543a554 dfblob:67a3978 )
 OR (
bs:"[PATCH 02/19] Cleaning up the IPv6 MTU checking in the IPVS xmit code, by using a common helper function __mtu_check_toobig_v6()." )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1346190539-9963-3-git-send-email-kaber@trash.net \
    --to=kaber@trash.net \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).