From: Greg KH <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Gao feng <gaofeng@cn.fujitsu.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [ 55/82] ipv6: fix incorrect ipsec fragment
Date: Thu, 07 Jun 2012 13:04:31 +0900 [thread overview]
Message-ID: <20120607040344.300504752@linuxfoundation.org> (raw)
In-Reply-To: <20120607041406.GA13233@kroah.com>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gao feng <gaofeng@cn.fujitsu.com>
[ Upstream commit 0c1833797a5a6ec23ea9261d979aa18078720b74 ]
Since commit ad0081e43a
"ipv6: Fragment locally generated tunnel-mode IPSec6 packets as needed"
the fragment of packets is incorrect.
because tunnel mode needs IPsec headers and trailer for all fragments,
while on transport mode it is sufficient to add the headers to the
first fragment and the trailer to the last.
so modify mtu and maxfraglen base on ipsec mode and if fragment is first
or last.
with my test,it work well(every fragment's size is the mtu)
and does not trigger slow fragment path.
Changes from v1:
though optimization, mtu_prev and maxfraglen_prev can be delete.
replace xfrm mode codes with dst_entry's new frag DST_XFRM_TUNNEL.
add fuction ip6_append_data_mtu to make codes clearer.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/dst.h | 1
net/ipv6/ip6_output.c | 68 ++++++++++++++++++++++++++++++++++++-------------
net/xfrm/xfrm_policy.c | 3 ++
3 files changed, 54 insertions(+), 18 deletions(-)
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -60,6 +60,7 @@ struct dst_entry {
#define DST_NOCOUNT 0x0020
#define DST_NOPEER 0x0040
#define DST_FAKE_RTABLE 0x0080
+#define DST_XFRM_TUNNEL 0x0100
short error;
short obsolete;
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1181,6 +1181,29 @@ static inline struct ipv6_rt_hdr *ip6_rt
return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
}
+static void ip6_append_data_mtu(int *mtu,
+ int *maxfraglen,
+ unsigned int fragheaderlen,
+ struct sk_buff *skb,
+ struct rt6_info *rt)
+{
+ if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
+ if (skb == NULL) {
+ /* first fragment, reserve header_len */
+ *mtu = *mtu - rt->dst.header_len;
+
+ } else {
+ /*
+ * this fragment is not first, the headers
+ * space is regarded as data space.
+ */
+ *mtu = dst_mtu(rt->dst.path);
+ }
+ *maxfraglen = ((*mtu - fragheaderlen) & ~7)
+ + fragheaderlen - sizeof(struct frag_hdr);
+ }
+}
+
int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
int offset, int len, int odd, struct sk_buff *skb),
void *from, int length, int transhdrlen,
@@ -1190,7 +1213,7 @@ int ip6_append_data(struct sock *sk, int
struct inet_sock *inet = inet_sk(sk);
struct ipv6_pinfo *np = inet6_sk(sk);
struct inet_cork *cork;
- struct sk_buff *skb;
+ struct sk_buff *skb, *skb_prev = NULL;
unsigned int maxfraglen, fragheaderlen;
int exthdrlen;
int dst_exthdrlen;
@@ -1248,8 +1271,12 @@ int ip6_append_data(struct sock *sk, int
inet->cork.fl.u.ip6 = *fl6;
np->cork.hop_limit = hlimit;
np->cork.tclass = tclass;
- mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
- rt->dst.dev->mtu : dst_mtu(&rt->dst);
+ if (rt->dst.flags & DST_XFRM_TUNNEL)
+ mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
+ rt->dst.dev->mtu : dst_mtu(&rt->dst);
+ else
+ mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
+ rt->dst.dev->mtu : dst_mtu(rt->dst.path);
if (np->frag_size < mtu) {
if (np->frag_size)
mtu = np->frag_size;
@@ -1345,25 +1372,27 @@ int ip6_append_data(struct sock *sk, int
unsigned int fraglen;
unsigned int fraggap;
unsigned int alloclen;
- struct sk_buff *skb_prev;
alloc_new_skb:
- skb_prev = skb;
-
/* There's no room in the current skb */
- if (skb_prev)
- fraggap = skb_prev->len - maxfraglen;
+ if (skb)
+ fraggap = skb->len - maxfraglen;
else
fraggap = 0;
+ /* update mtu and maxfraglen if necessary */
+ if (skb == NULL || skb_prev == NULL)
+ ip6_append_data_mtu(&mtu, &maxfraglen,
+ fragheaderlen, skb, rt);
+
+ skb_prev = skb;
/*
* If remaining data exceeds the mtu,
* we know we need more fragment(s).
*/
datalen = length + fraggap;
- if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
- datalen = maxfraglen - fragheaderlen;
- fraglen = datalen + fragheaderlen;
+ if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
+ datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len;
if ((flags & MSG_MORE) &&
!(rt->dst.dev->features&NETIF_F_SG))
alloclen = mtu;
@@ -1372,13 +1401,16 @@ alloc_new_skb:
alloclen += dst_exthdrlen;
- /*
- * The last fragment gets additional space at tail.
- * Note: we overallocate on fragments with MSG_MODE
- * because we have no idea if we're the last one.
- */
- if (datalen == length + fraggap)
- alloclen += rt->dst.trailer_len;
+ if (datalen != length + fraggap) {
+ /*
+ * this is not the last fragment, the trailer
+ * space is regarded as data space.
+ */
+ datalen += rt->dst.trailer_len;
+ }
+
+ alloclen += rt->dst.trailer_len;
+ fraglen = datalen + fragheaderlen;
/*
* We just reserve space for fragment header.
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1919,6 +1919,9 @@ no_transform:
}
ok:
xfrm_pols_put(pols, drop_pols);
+ if (dst && dst->xfrm &&
+ dst->xfrm->props.mode == XFRM_MODE_TUNNEL)
+ dst->flags |= DST_XFRM_TUNNEL;
return dst;
nopol:
next prev parent reply other threads:[~2012-06-07 4:04 UTC|newest]
Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-07 4:14 [ 00/82] 3.4.2-stable review Greg KH
2012-06-07 4:03 ` [ 01/82] exofs: Fix CRASH on very early IO errors Greg KH
2012-06-07 4:03 ` [ 02/82] microblaze: Do not select GENERIC_GPIO by default Greg KH
2012-06-07 4:03 ` [ 03/82] SCSI: fix scsi_wait_scan Greg KH
2012-06-07 4:03 ` [ 04/82] SCSI: Fix dm-multipath starvation when scsi host is busy Greg KH
2012-06-07 4:03 ` [ 05/82] mm/fork: fix overflow in vma length when copying mmap on clone Greg KH
2012-06-07 4:03 ` [ 06/82] mm: fix NULL ptr deref when walking hugepages Greg KH
2012-06-07 4:03 ` [ 07/82] mm: consider all swapped back pages in used-once logic Greg KH
2012-06-07 4:03 ` [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition Greg KH
2012-06-07 13:42 ` Josh Boyer
2012-06-07 14:42 ` Andrea Arcangeli
2012-06-07 17:46 ` Linus Torvalds
2012-06-07 19:04 ` Andrea Arcangeli
2012-06-07 21:00 ` Andrea Arcangeli
2012-06-07 21:00 ` [PATCH] thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE Andrea Arcangeli
2012-06-10 2:03 ` [PATCH] thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE\ Konrad Rzeszutek Wilk
2012-06-11 10:34 ` [Xen-devel] " Andrew Jones
2012-06-11 19:27 ` Konrad Rzeszutek Wilk
2012-06-11 19:41 ` Andrea Arcangeli
2012-06-07 21:02 ` [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition Andrea Arcangeli
2012-06-08 8:04 ` Greg KH
2012-06-07 17:52 ` Konrad Rzeszutek Wilk
2012-06-07 4:03 ` [ 09/82] mm: fix faulty initialization in vmalloc_init() Greg KH
2012-06-07 4:03 ` [ 10/82] iwlwifi: update BT traffic load states correctly Greg KH
2012-06-07 4:03 ` [ 11/82] iwlwifi: do not use shadow registers by default Greg KH
2012-06-07 4:03 ` [ 12/82] cifs: Include backup intent search flags during searches {try #2) Greg KH
2012-06-07 4:03 ` [ 13/82] cifs: fix oops while traversing open file list (try #4) Greg KH
2012-06-07 4:03 ` [ 14/82] PARISC: fix boot failure on 32-bit systems caused by branch stubs placed before .text Greg KH
2012-06-07 4:03 ` [ 15/82] PARISC: fix TLB fault path on PA2.0 narrow systems Greg KH
2012-06-07 4:03 ` [ 16/82] solos-pci: Fix DMA support Greg KH
2012-06-07 4:03 ` [ 17/82] MIPS: BCM63XX: Add missing include for bcm63xx_gpio.h Greg KH
2012-06-07 4:03 ` [ 18/82] mac80211: fix ADDBA declined after suspend with wowlan Greg KH
2012-06-07 4:03 ` [ 19/82] ixp4xx: fix compilation by adding gpiolib support Greg KH
2012-06-07 4:03 ` [ 20/82] ath9k: fix a use-after-free-bug when ath_tx_setup_buffer() fails Greg KH
2012-06-07 4:03 ` [ 21/82] x86, amd, xen: Avoid NULL pointer paravirt references Greg KH
2012-06-07 4:03 ` [ 22/82] NFS: kmalloc() doesnt return an ERR_PTR() Greg KH
2012-06-07 4:03 ` [ 23/82] NFSv4: Map NFS4ERR_SHARE_DENIED into an EACCES error instead of EIO Greg KH
2012-06-07 4:04 ` [ 24/82] hugetlb: fix resv_map leak in error path Greg KH
2012-06-07 4:04 ` [ 25/82] sunrpc: fix loss of task->tk_status after rpc_delay call in xprt_alloc_slot Greg KH
2012-06-07 4:04 ` [ 26/82] iommu/amd: Check for the right TLP prefix bit Greg KH
2012-06-07 4:04 ` [ 27/82] iommu/amd: Add workaround for event log erratum Greg KH
2012-06-07 4:04 ` [ 28/82] drm/radeon: fix XFX quirk Greg KH
2012-06-07 4:04 ` [ 29/82] drm/radeon: fix typo in trinity tiling setup Greg KH
2012-06-07 4:04 ` [ 30/82] drm/i915: properly handle interlaced bit for sdvo dtd conversion Greg KH
2012-06-07 4:04 ` [ 31/82] drm/i915: Adding TV Out Missing modes Greg KH
2012-06-07 4:04 ` [ 32/82] drm/i915: wait for a vblank to pass after tv detect Greg KH
2012-06-07 4:04 ` [ 33/82] drm/i915: no lvds quirk for HP t5740e Thin Client Greg KH
2012-06-07 4:04 ` [ 34/82] kbuild: install kernel-page-flags.h Greg KH
2012-06-07 4:04 ` [ 35/82] mm: fix vma_resv_map() NULL pointer Greg KH
2012-06-07 4:04 ` [ 36/82] ALSA: usb-audio: fix rate_list memory leak Greg KH
2012-06-07 4:04 ` [ 37/82] slub: fix a memory leak in get_partial_node() Greg KH
2012-06-07 4:04 ` [ 38/82] vfs: umount_tree() might be called on subtree that had never made it Greg KH
2012-06-07 4:04 ` [ 39/82] vfs: increment iversion when a file is truncated Greg KH
2012-06-07 4:04 ` [ 40/82] fec_mpc52xx: fix timestamp filtering Greg KH
2012-06-07 4:04 ` [ 41/82] x86, x32, ptrace: Remove PTRACE_ARCH_PRCTL for x32 Greg KH
2012-06-07 4:04 ` [ 42/82] x86: Reset the debug_stack update counter Greg KH
2012-06-07 4:04 ` [ 43/82] mtd: nand: fix scan_read_raw_oob Greg KH
2012-06-07 4:04 ` [ 44/82] mtd: of_parts: fix breakage in Kconfig Greg KH
2012-06-07 4:04 ` [ 45/82] mtd: block2mtd: fix recursive call of mtd_writev Greg KH
2012-06-07 4:04 ` [ 46/82] mtd: mxc_nand: move ecc strengh setup before nand_scan_tail Greg KH
2012-06-07 4:04 ` [ 47/82] drm/radeon: fix regression in UMS CS ioctl Greg KH
2012-06-07 4:04 ` [ 48/82] drm/radeon: fix bank information in tiling config Greg KH
2012-06-07 4:04 ` [ 49/82] drm/radeon: properly program gart on rv740, juniper, cypress, barts, hemlock Greg KH
2012-06-07 4:04 ` [ 50/82] drm/radeon: fix HD6790, HD6570 backend programming Greg KH
2012-06-07 4:04 ` [ 51/82] drm/ttm: Fix spinlock imbalance Greg KH
2012-06-07 4:04 ` [ 52/82] drm/vmwgfx: Fix nasty write past alloced memory area Greg KH
2012-06-07 4:04 ` [ 53/82] asix: allow full size 8021Q frames to be received Greg KH
2012-06-08 2:27 ` Ben Hutchings
2012-06-08 3:54 ` David Miller
2012-06-07 4:04 ` [ 54/82] ipv4: fix the rcu race between free_fib_info and ip_route_output_slow Greg KH
2012-06-07 4:04 ` Greg KH [this message]
2012-06-07 4:04 ` [ 56/82] l2tp: fix oops in L2TP IP sockets for connect() AF_UNSPEC case Greg KH
2012-06-07 4:04 ` [ 57/82] skb: avoid unnecessary reallocations in __skb_cow Greg KH
2012-06-07 4:04 ` [ 58/82] xfrm: take net hdr len into account for esp payload size calculation Greg KH
2012-06-07 4:04 ` [ 59/82] ext4: fix potential NULL dereference in ext4_free_inodes_counts() Greg KH
2012-06-07 4:04 ` [ 60/82] ext4: force ro mount if ext4_setup_super() fails Greg KH
2012-06-07 4:04 ` [ 61/82] ext4: fix potential integer overflow in alloc_flex_gd() Greg KH
2012-06-07 4:04 ` [ 62/82] ext4: disallow hard-linked directory in ext4_lookup Greg KH
2012-06-07 4:04 ` [ 63/82] ext4: add missing save_error_info() to ext4_error() Greg KH
2012-06-07 4:04 ` [ 64/82] ext4: dont trash state flags in EXT4_IOC_SETFLAGS Greg KH
2012-06-08 3:03 ` Ben Hutchings
2012-06-08 3:11 ` Ted Ts'o
2012-06-08 3:21 ` Ben Hutchings
2012-06-08 20:05 ` Ted Ts'o
2012-06-08 23:01 ` Ben Hutchings
2012-06-09 2:30 ` Ted Ts'o
2012-06-09 12:56 ` Ben Hutchings
2012-06-09 15:23 ` Greg KH
2012-06-07 4:04 ` [ 65/82] ext4: add ext4_mb_unload_buddy in the error path Greg KH
2012-06-07 4:04 ` [ 66/82] ext4: remove mb_groups before tearing down the buddy_cache Greg KH
2012-06-07 4:04 ` [ 67/82] radix-tree: fix contiguous iterator Greg KH
2012-06-07 4:04 ` [ 68/82] drm/radeon/audio: dont hardcode CRTC id Greg KH
2012-06-07 4:04 ` [ 69/82] drm/radeon: fix vm deadlocks on cayman Greg KH
2012-06-07 4:04 ` [ 70/82] drm/radeon/kms: add new Trinity PCI ids Greg KH
2012-06-07 4:04 ` [ 71/82] drm/radeon/kms: add new Palm, Sumo " Greg KH
2012-06-07 4:04 ` [ 72/82] drm/radeon/kms: add new BTC " Greg KH
2012-06-07 4:04 ` [ 73/82] drm/radeon/kms: add new SI " Greg KH
2012-06-07 4:04 ` [ 74/82] iommu/amd: Cache pdev pointer to root-bridge Greg KH
2012-06-07 4:04 ` [ 75/82] iommu/amd: Fix deadlock in ppr-handling error path Greg KH
2012-06-07 4:04 ` [ 76/82] ACPI battery: only refresh the sysfs files when pertinent information changes Greg KH
2012-06-07 4:04 ` [ 77/82] vfs: Fix /proc/<tid>/fdinfo/<fd> file handling Greg KH
2012-06-07 4:04 ` [ 78/82] md: raid1/raid10: fix problem with merge_bvec_fn Greg KH
2012-06-07 4:04 ` [ 79/82] wl1251: fix oops on early interrupt Greg KH
2012-06-07 4:04 ` [ 80/82] drm/i915: always use RPNSWREQ for turbo change requests Greg KH
2012-06-07 4:04 ` [ 81/82] drm/i915/dp: Flush any outstanding work to turn the VDD off Greg KH
2012-06-07 4:04 ` [ 82/82] drm/i915: enable vdd when switching off the eDP panel Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120607040344.300504752@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=davem@davemloft.net \
--cc=gaofeng@cn.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).