[PATCH] Allow fragmentation of VLAN packets traversing a bridge.

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] Allow fragmentation of VLAN packets traversing a bridge.
@ 2009-04-17 15:19 Saikiran Madugula
  2009-04-17 15:57 ` Patrick McHardy
  0 siblings, 1 reply; 6+ messages in thread
From: Saikiran Madugula @ 2009-04-17 15:19 UTC (permalink / raw)
  To: netdev; +Cc: Saikiran Madugula, netfilter-devel

br_nf_dev_queue_xmit only checks for ETH_P_IP packets for fragmenting but not
VLAN packets. This results in dropping of large VLAN packets. This can be
observed when connection tracking is enabled. Connection tracking re-assembles
fragmented packets, and these have to be re-fragmented when transmitting out.

Signed-off-by: Saikiran Madugula <hummerbliss@gmail.com>
---
 net/bridge/br_netfilter.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 3953ac4..941f702 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -790,7 +790,7 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb,
 
 static int br_nf_dev_queue_xmit(struct sk_buff *skb)
 {
-	if (skb->protocol == htons(ETH_P_IP) &&
+	if ((skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb)) &&
 	    skb->len > skb->dev->mtu &&
 	    !skb_is_gso(skb))
 		return ip_fragment(skb, br_dev_queue_push_xmit);
-- 
1.5.6.3

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] Allow fragmentation of VLAN packets traversing a bridge.
  2009-04-17 15:19 [PATCH] Allow fragmentation of VLAN packets traversing a bridge Saikiran Madugula
@ 2009-04-17 15:57 ` Patrick McHardy
  2009-04-17 17:07   ` Saikiran Madugula
  0 siblings, 1 reply; 6+ messages in thread
From: Patrick McHardy @ 2009-04-17 15:57 UTC (permalink / raw)
  To: Saikiran Madugula; +Cc: netdev, netfilter-devel

Saikiran Madugula wrote:
> br_nf_dev_queue_xmit only checks for ETH_P_IP packets for fragmenting but not
> VLAN packets. This results in dropping of large VLAN packets. This can be
> observed when connection tracking is enabled. Connection tracking re-assembles
> fragmented packets, and these have to be re-fragmented when transmitting out.
> 
> Signed-off-by: Saikiran Madugula <hummerbliss@gmail.com>
> ---
>  net/bridge/br_netfilter.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
> index 3953ac4..941f702 100644
> --- a/net/bridge/br_netfilter.c
> +++ b/net/bridge/br_netfilter.c
> @@ -790,7 +790,7 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb,
>  
>  static int br_nf_dev_queue_xmit(struct sk_buff *skb)
>  {
> -	if (skb->protocol == htons(ETH_P_IP) &&
> +	if ((skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb)) &&
>  	    skb->len > skb->dev->mtu &&
>  	    !skb_is_gso(skb))
>  		return ip_fragment(skb, br_dev_queue_push_xmit);

Please add an additional check for skb->nfct != NULL to make sure
that this only refragments packets defragmented by conntrack.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] Allow fragmentation of VLAN packets traversing a bridge.
  2009-04-17 15:57 ` Patrick McHardy
@ 2009-04-17 17:07   ` Saikiran Madugula
  2009-04-17 17:20     ` Patrick McHardy
  0 siblings, 1 reply; 6+ messages in thread
From: Saikiran Madugula @ 2009-04-17 17:07 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: netdev, netfilter-devel

Patrick McHardy wrote:
> Saikiran Madugula wrote:
>> br_nf_dev_queue_xmit only checks for ETH_P_IP packets for fragmenting
>> but not
>> VLAN packets. This results in dropping of large VLAN packets. This can be
>> observed when connection tracking is enabled. Connection tracking
>> re-assembles
>> fragmented packets, and these have to be re-fragmented when
>> transmitting out.
>>
>> Signed-off-by: Saikiran Madugula <hummerbliss@gmail.com>
>> ---
>>  net/bridge/br_netfilter.c |    2 +-
>>  1 files changed, 1 insertions(+), 1 deletions(-)
>>
>> diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
>> index 3953ac4..941f702 100644
>> --- a/net/bridge/br_netfilter.c
>> +++ b/net/bridge/br_netfilter.c
>> @@ -790,7 +790,7 @@ static unsigned int br_nf_local_out(unsigned int
>> hook, struct sk_buff *skb,
>>  
>>  static int br_nf_dev_queue_xmit(struct sk_buff *skb)
>>  {
>> -    if (skb->protocol == htons(ETH_P_IP) &&
>> +    if ((skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb)) &&
>>          skb->len > skb->dev->mtu &&
>>          !skb_is_gso(skb))
>>          return ip_fragment(skb, br_dev_queue_push_xmit);
> 
> Please add an additional check for skb->nfct != NULL to make sure
> that this only refragments packets defragmented by conntrack.

Thanks for the feedback, skb->nfct is present only if CONFIG_NF_CONNTRACK or
CONFIG_NF_CONNTRACK_MODULE is defined. Was wondering if the entire check before
ip_fragment is necessary if NF_CONNTRACK is not defined. If not, I will post
updated patch as per your suggestion.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] Allow fragmentation of VLAN packets traversing a bridge.
  2009-04-17 17:07   ` Saikiran Madugula
@ 2009-04-17 17:20     ` Patrick McHardy
  2009-04-17 22:51       ` Saikiran Madugula
  0 siblings, 1 reply; 6+ messages in thread
From: Patrick McHardy @ 2009-04-17 17:20 UTC (permalink / raw)
  To: Saikiran Madugula; +Cc: netdev, netfilter-devel

Saikiran Madugula wrote:
> Patrick McHardy wrote:
>>> -    if (skb->protocol == htons(ETH_P_IP) &&
>>> +    if ((skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb)) &&
>>>          skb->len > skb->dev->mtu &&
>>>          !skb_is_gso(skb))
>>>          return ip_fragment(skb, br_dev_queue_push_xmit);
>> Please add an additional check for skb->nfct != NULL to make sure
>> that this only refragments packets defragmented by conntrack.
> 
> Thanks for the feedback, skb->nfct is present only if CONFIG_NF_CONNTRACK or
> CONFIG_NF_CONNTRACK_MODULE is defined. Was wondering if the entire check before
> ip_fragment is necessary if NF_CONNTRACK is not defined. If not, I will post
> updated patch as per your suggestion.

Good point. Yes, everything related to fragmenting is only needed
with NF_CONNTRACK, so an additional ifdef makes sense.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH] Allow fragmentation of VLAN packets traversing a bridge.
  2009-04-17 17:20     ` Patrick McHardy
@ 2009-04-17 22:51       ` Saikiran Madugula
  2009-04-20 15:13         ` Patrick McHardy
  0 siblings, 1 reply; 6+ messages in thread
From: Saikiran Madugula @ 2009-04-17 22:51 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Saikiran Madugula, netdev, netfilter-devel

br_nf_dev_queue_xmit only checks for ETH_P_IP packets for fragmenting but not
VLAN packets. This results in dropping of large VLAN packets. This can be
observed when connection tracking is enabled. Connection tracking re-assembles
fragmented packets, and these have to re-fragmented when transmitting out. Also,
make sure only refragmented packets are defragmented as per suggestion from
Patrick McHardy.

Signed-off-by: Saikiran Madugula <hummerbliss@gmail.com>
---
 net/bridge/br_netfilter.c |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 3953ac4..e4a418f 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -788,15 +788,23 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb,
 	return NF_STOLEN;
 }
 
+#if defined(CONFIG_NF_CONNTRACK_IPV4) || defined(CONFIG_NF_CONNTRACK_IPV4_MODULE)
 static int br_nf_dev_queue_xmit(struct sk_buff *skb)
 {
-	if (skb->protocol == htons(ETH_P_IP) &&
+	if (skb->nfct != NULL &&
+	    (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb)) &&
 	    skb->len > skb->dev->mtu &&
 	    !skb_is_gso(skb))
 		return ip_fragment(skb, br_dev_queue_push_xmit);
 	else
 		return br_dev_queue_push_xmit(skb);
 }
+#else
+static int br_nf_dev_queue_xmit(struct sk_buff *skb)
+{
+        return br_dev_queue_push_xmit(skb);
+}
+#endif
 
 /* PF_BRIDGE/POST_ROUTING ********************************************/
 static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
-- 
1.5.6.3

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] Allow fragmentation of VLAN packets traversing a bridge.
  2009-04-17 22:51       ` Saikiran Madugula
@ 2009-04-20 15:13         ` Patrick McHardy
  0 siblings, 0 replies; 6+ messages in thread
From: Patrick McHardy @ 2009-04-20 15:13 UTC (permalink / raw)
  To: Saikiran Madugula; +Cc: netdev, netfilter-devel

Saikiran Madugula wrote:
> br_nf_dev_queue_xmit only checks for ETH_P_IP packets for fragmenting but not
> VLAN packets. This results in dropping of large VLAN packets. This can be
> observed when connection tracking is enabled. Connection tracking re-assembles
> fragmented packets, and these have to re-fragmented when transmitting out. Also,
> make sure only refragmented packets are defragmented as per suggestion from
> Patrick McHardy.

Applied, thanks Saikiran.

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2009-04-20 15:13 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-04-17 15:19 [PATCH] Allow fragmentation of VLAN packets traversing a bridge Saikiran Madugula
2009-04-17 15:57 ` Patrick McHardy
2009-04-17 17:07   ` Saikiran Madugula
2009-04-17 17:20     ` Patrick McHardy
2009-04-17 22:51       ` Saikiran Madugula
2009-04-20 15:13         ` Patrick McHardy

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).