Commit c0451fe1 authored by Shmulik Ladkani's avatar Shmulik Ladkani Committed by David S. Miller

net: ip_finish_output_gso: Allow fragmenting segments of tunneled skbs if their DF is unset

In b8247f09,

   "net: ip_finish_output_gso: If skb_gso_network_seglen exceeds MTU, allow segmentation for local udp tunneled skbs"

gso skbs arriving from an ingress interface that go through UDP
tunneling, are allowed to be fragmented if the resulting encapulated
segments exceed the dst mtu of the egress interface.

This aligned the behavior of gso skbs to non-gso skbs going through udp
encapsulation path.

However the non-gso vs gso anomaly is present also in the following
cases of a GRE tunnel:
 - ip_gre in collect_md mode, where TUNNEL_DONT_FRAGMENT is not set
   (e.g. OvS vport-gre with df_default=false)
 - ip_gre in nopmtudisc mode, where IFLA_GRE_IGNORE_DF is set

In both of the above cases, the non-gso skbs get fragmented, whereas the
gso skbs (having skb_gso_network_seglen that exceeds dst mtu) get dropped,
as they don't go through the segment+fragment code path.

Fix: Setting IPSKB_FRAG_SEGS if the tunnel specified IP_DF bit is NOT set.

Tunnels that do set IP_DF, will not go to fragmentation of segments.
This preserves behavior of ip_gre in (the default) pmtudisc mode.

Fixes: b8247f09 ("net: ip_finish_output_gso: If skb_gso_network_seglen exceeds MTU, allow segmentation for local udp tunneled skbs")
Reported-by: default avatarwenxu <wenxu@ucloud.cn>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: default avatarShmulik Ladkani <shmulik.ladkani@gmail.com>
Tested-by: default avatarwenxu <wenxu@ucloud.cn>
Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 85b51b12
...@@ -73,9 +73,11 @@ void iptunnel_xmit(struct sock *sk, struct rtable *rt, struct sk_buff *skb, ...@@ -73,9 +73,11 @@ void iptunnel_xmit(struct sock *sk, struct rtable *rt, struct sk_buff *skb,
skb_dst_set(skb, &rt->dst); skb_dst_set(skb, &rt->dst);
memset(IPCB(skb), 0, sizeof(*IPCB(skb))); memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
if (skb_iif && proto == IPPROTO_UDP) { if (skb_iif && !(df & htons(IP_DF))) {
/* Arrived from an ingress interface and got udp encapuslated. /* Arrived from an ingress interface, got encapsulated, with
* The encapsulated network segment length may exceed dst mtu. * fragmentation of encapulating frames allowed.
* If skb is gso, the resulting encapsulated network segments
* may exceed dst mtu.
* Allow IP Fragmentation of segments. * Allow IP Fragmentation of segments.
*/ */
IPCB(skb)->flags |= IPSKB_FRAG_SEGS; IPCB(skb)->flags |= IPSKB_FRAG_SEGS;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment