From patchwork Fri Oct 20 05:32:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yan Zhai X-Patchwork-Id: 155814 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2010:b0:403:3b70:6f57 with SMTP id fe16csp839006vqb; Thu, 19 Oct 2023 22:33:09 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFRfyJLuZzO0SHbTj/znjNrUi3kxNt34zy6IzT6N+Af+d+YXfShd+Z7RQ+V+sygffrc9JPl X-Received: by 2002:a05:6358:5384:b0:166:c004:f657 with SMTP id z4-20020a056358538400b00166c004f657mr773969rwe.14.1697779989553; Thu, 19 Oct 2023 22:33:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697779989; cv=none; d=google.com; s=arc-20160816; b=vM8+8nTptLgvyAhWPoYFN3jzSnAtKqZOGYDnrrrtbttjQEjuzisgakJztkA7V9cPTe Yb3uFPf5WptH8cN56aSuTG1TepxmzMFbvJkC3Fo/2Uhk2loBgL2nd6ffYnrTXWARmJLW Q1Of7ud1gEn2VD9CWFhTe9Ee8ztJiA31UdYyClzJaqK+CaaCUG/UsHkx0xdb/3Lh1+sZ p7iKQuVmUudrGn16WnnDw63xuQD+YoWw7oOoaVwzyc5XXTuLZcNbxgRG0B1QMOwngDMb eiUeu1cFLc9z2nHDCTE+/LEQl4Lbq2sol8Pzw7UwMbIqvQkfdlgldTSHf0IQNP02Th2n VjOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=KV869UUQKRDRmnZ80A1/n7z6+idYBNckQF54inYjS5g=; fh=pcqFZQYW2ZOvrJzL6iYbdBSsYjMBR+cDRZVlzaRzt/k=; b=ndFdR14dUKkq+8h6smBTY3wgwc9rqS8ZJgfj6JpQj/EK6IGKQYSZ+9wdifpLXMl1Mu kjT1l3XAQCtZ78UM67gvahGtOJBFhDMxAsly8QMO0h0Foc/piWQysUZ5bNoN44lhliyx UyfT0/8+KZ+t9f5GmcaRafyJdBIt2yZk4OU4JIXkZs2/LPN4Vk4BKG2GpRapfgKuUKt9 T8nH95WIMFI1CCiCD4RdldqGEhqXKbuFZMWvPG8gVgtWDedl2ZQMjEh9Dtpsr500hlR/ G0tQp36n+m6mgyvJGw+LYErvAnYAuzi7g+GfMnV4evVTNdaEWb7RMXZxvW/Kosi3aS6K CElQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google09082023 header.b=HzbvMgu0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id a28-20020aa7971c000000b006bd3ba8e610si1149010pfg.133.2023.10.19.22.33.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Oct 2023 22:33:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google09082023 header.b=HzbvMgu0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 3A09981D0B75; Thu, 19 Oct 2023 22:33:07 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346301AbjJTFcx (ORCPT + 25 others); Fri, 20 Oct 2023 01:32:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47298 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345460AbjJTFcv (ORCPT ); Fri, 20 Oct 2023 01:32:51 -0400 Received: from mail-qk1-x729.google.com (mail-qk1-x729.google.com [IPv6:2607:f8b0:4864:20::729]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 67E20119 for ; Thu, 19 Oct 2023 22:32:50 -0700 (PDT) Received: by mail-qk1-x729.google.com with SMTP id af79cd13be357-7781bc3783fso28481585a.1 for ; Thu, 19 Oct 2023 22:32:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google09082023; t=1697779969; x=1698384769; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=KV869UUQKRDRmnZ80A1/n7z6+idYBNckQF54inYjS5g=; b=HzbvMgu0lCF6faIChfXVinjI8bdH8kCWR2utK3tXvu34fwxKuN+u7vQC/G26UceGv+ SzAlBbmmwoyVsMMJDSYTFzUfmx4HYcSpKW17SlKRor46zKxpjr6mwSaGGbxtPh0q8TgV yFKM4Ca7zSRagheV0IgDbFz4qAx4bITuix1XYKvWn7fxL9oGRbvNwfXRzE8OlLpwFzQo ypWPvQR5Vq97WzVambzsJJY1rCxxp6gIoMAoPfLEWaABiCZp25xVa0DQyTSr5qstDPcT 5/t822WT84u42eN7Th3pb3hEGHGm5n+IjmmX95weEKhR59aX+AtSUMlj/PwMdXA9gR5B QijA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697779969; x=1698384769; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=KV869UUQKRDRmnZ80A1/n7z6+idYBNckQF54inYjS5g=; b=InDf4XvD41ZbSPhNdaEm3e4Boi0Hzj6IYf+Anot8dUrsuXNTVEwr6lcvzimQ1DKg3R 8ah+ooL6i1yrqtqHvjuq6rgyiLheQbBm1m4SFyoBw1pxHbw/C//cqppNX5HD/3H+HAWa EUGEBd/zLHS6IviRztucY3i+kaRZNDXHNI7wfidOTRvltcwYJX3ZqVXdseB69LjlqJ1R ksWyijcKlH1b2gObv7wseYtbmMDll0Td7Zk8EyWOlrKq+ul3shyb4KTuEVEEznzxoGnU rXJL2gdSbZ6rkkDPsndmNaHeAvSvQpywp0CT96u5tIMikNFjotT7Dg72y9bX0YH251BI 8ceA== X-Gm-Message-State: AOJu0YzOeXToSj8dBFkB7bqqaN0w1moI0iSFF27n9lFJDQspxMtuhVoP yJjHEoF5v56vZ61h48yOeUvD0Q== X-Received: by 2002:a05:6214:d66:b0:66d:1e25:9774 with SMTP id 6-20020a0562140d6600b0066d1e259774mr916666qvs.61.1697779969555; Thu, 19 Oct 2023 22:32:49 -0700 (PDT) Received: from debian.debian ([140.141.197.139]) by smtp.gmail.com with ESMTPSA id g20-20020ad457b4000000b0065d0dcc28e3sm421513qvx.73.2023.10.19.22.32.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Oct 2023 22:32:49 -0700 (PDT) Date: Thu, 19 Oct 2023 22:32:47 -0700 From: Yan Zhai To: netdev@vger.kernel.org Cc: "David S. Miller" , David Ahern , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Aya Levin , Tariq Toukan , linux-kernel@vger.kernel.org, kernel-team@cloudflare.com, Florian Westphal , Willem de Bruijn , Alexander H Duyck Subject: [PATCH v3 net-next 1/3] ipv6: remove dst_allfrag test on ipv6 output Message-ID: References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Thu, 19 Oct 2023 22:33:07 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780251350486325310 X-GMAIL-MSGID: 1780251350486325310 dst_allfrag was added before the first git commit: https://www.mail-archive.com/bk-commits-head@vger.kernel.org/msg03399.html The feature would send packets to the fragmentation path if a box receives a PMTU value with less than 1280 byte. However, since commit 9d289715eb5c ("ipv6: stop sending PTB packets for MTU < 1280"), such message would be simply discarded. The feature flag is neither supported in iproute2 utility. In theory one can still manipulate it with direct netlink message, but it is not ideal because it was based on obsoleted guidance of RFC-2460 (replaced by RFC-8200). The feature test would always return false at the moment, so remove it from the output path. Signed-off-by: Yan Zhai --- net/ipv6/ip6_output.c | 1 - 1 file changed, 1 deletion(-) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index a471c7e91761..ae87a3817d4a 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -189,7 +189,6 @@ static int __ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff return ip6_finish_output_gso_slowpath_drop(net, sk, skb, mtu); if ((skb->len > mtu && !skb_is_gso(skb)) || - dst_allfrag(skb_dst(skb)) || (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size)) return ip6_fragment(net, sk, skb, ip6_finish_output2); else From patchwork Fri Oct 20 05:32:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yan Zhai X-Patchwork-Id: 155815 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2010:b0:403:3b70:6f57 with SMTP id fe16csp839093vqb; Thu, 19 Oct 2023 22:33:24 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGO7/6+msCWyLqE2LvA5bsy/d6bLMkPvnArE/VUA3yFTFI0QERwaIHlNIqF9s+SVtZQcSp3 X-Received: by 2002:a05:6a21:66c6:b0:174:2a38:9d9c with SMTP id ze6-20020a056a2166c600b001742a389d9cmr959414pzb.57.1697780004597; Thu, 19 Oct 2023 22:33:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697780004; cv=none; d=google.com; s=arc-20160816; b=C9hZQreCKsA41tnW4v7Fd5Jp+cYqHlawi5jQr9bOKHJkQoC/UMayd2af4ehOA+739R DPFpbT0JZH5Kld2vtqmmyEFojkR7T9b4rmRCmoMKVwqnsp1l52JMQ4Zu5KK2O5qa4437 4EDf+wh3hW1z/UQ/OqmCh8jO33rrv4PHMj0DK8jsJ7iPp0HwTsiYJTqFePcD7LEIh95H LnIW56J4POi2TjtcNrFiiaona+6USfFWJf6YrHefaRDL+Ew1utUHy/cFYL0ZuJef/0il qa0nqbG2u7CXYb3yvfx27f2o9bc+2vOfyj17R4OXx1w5QZsR2oZWQiyowYlQBoFJTz0C htyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=9xpTogBhloZZ3cgxOHAvGjGFV2B6QzeETWE0jVApmhU=; fh=pcqFZQYW2ZOvrJzL6iYbdBSsYjMBR+cDRZVlzaRzt/k=; b=nXSXQr/NRrvgEItDXfdZYHhr1kEzzL0ke8MUxUUMpB1CaT3VHNcFy+kVaWX7tSlZ0A KsjSGj25AvAGkoZOIQ/mc58xzFhWHVYadlnvvkI8KWUvX5UJetU96nkNxDuJVnQ7Z0jW KoTFlsUGs2sV9H6/i4t6rRmfITXQMvYJsiTC/FBUhnYeP0lsIj1MbR8bRUPBI1n57c9U 6l+j2iI18ixlp/GwwmQeyffvDYzDJnjBRVKDK8MHYbs8WdNqM94egaxTHvWamkWbEiT6 wJ9cvz/ingGnYBCUFBarzksFiPE/1fXRcDfff2qsUKAYZiO2UeexSzJlOg5JnZmhu9q+ M7HQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google09082023 header.b=W5HYo6Cz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id u1-20020a170902e80100b001c5616520cfsi1086756plg.204.2023.10.19.22.33.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Oct 2023 22:33:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google09082023 header.b=W5HYo6Cz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 6F7B180A7745; Thu, 19 Oct 2023 22:33:22 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346656AbjJTFc5 (ORCPT + 25 others); Fri, 20 Oct 2023 01:32:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47310 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346637AbjJTFcx (ORCPT ); Fri, 20 Oct 2023 01:32:53 -0400 Received: from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com [IPv6:2607:f8b0:4864:20::72c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5CBD7119 for ; Thu, 19 Oct 2023 22:32:52 -0700 (PDT) Received: by mail-qk1-x72c.google.com with SMTP id af79cd13be357-778927f2dd3so23391185a.2 for ; Thu, 19 Oct 2023 22:32:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google09082023; t=1697779971; x=1698384771; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=9xpTogBhloZZ3cgxOHAvGjGFV2B6QzeETWE0jVApmhU=; b=W5HYo6CzHn0n+hoSyGPdXLRPk7sDe9kyTLVSvCoWtjMgPhbsnd6DDmh+tFU5wF8rfQ RJqEmYP3AU7cmo2moTlMJpLaQ3puZno8yFfEbkDM5H4pLKeTQmWxq8uEsW9WfOFD6I00 /fB2kMHootI9Y+koucBakT4yLrQPVCLHsxVuvi2cEVfQaTUWOhAUc65d1dHSyABO+ANL G9IiC9klk/NZuF12Lc9wfpFHF5RDocpAEGuncVjd3Dps2HpEI8lih07s0p4oQ2FrN67f osEGTtzFj/Nt/tAswwLlMTqWHyBSK0FbtVkfRqFOGX7QzKpWAgu15VCQBYGUQoOtQfTM kYwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697779971; x=1698384771; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=9xpTogBhloZZ3cgxOHAvGjGFV2B6QzeETWE0jVApmhU=; b=SWsA3AVFgyAdU1kpPT0DCOu+8LxHWZHbJbsHDeT/+FCQQBwpbRTfcW3Srh5/lQ/TVY /TKTAlvXFuFae8ENExqlcUlQ7jNk5+ZWHK+d2j/6eDIIWjGlfOdM0Lqm2QE92OTubzPh B2MK3EO0SclbU4ckoUZjef1bfpPgsgZnk15c3ccNNwgsE3wejZIoeBGswsuNyLC6cz0/ odoLzx7HiV36Hc5/K15eP6wcgjMaH7LecK2xjKUc+/3QJH7jbhuPWKbsyhqWXjw0/IeL ljL9SUfdOfJwDOywapenVTdIz7gYmhVMVPyuI7Jan4jZJVmSTLJ2+fvwEMw+IAaowiNn g5vg== X-Gm-Message-State: AOJu0Yzbqrx38/k745rkc2IFSGueJDinJQ72oFhEWEcqYmnjclsAh29R /EMRgqODkK9kWng2ByKp2eKGGQ== X-Received: by 2002:a05:620a:40c5:b0:778:8ce0:221a with SMTP id g5-20020a05620a40c500b007788ce0221amr824644qko.63.1697779971342; Thu, 19 Oct 2023 22:32:51 -0700 (PDT) Received: from debian.debian ([140.141.197.139]) by smtp.gmail.com with ESMTPSA id bq12-20020a05620a468c00b007678973eaa1sm356816qkb.127.2023.10.19.22.32.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Oct 2023 22:32:50 -0700 (PDT) Date: Thu, 19 Oct 2023 22:32:49 -0700 From: Yan Zhai To: netdev@vger.kernel.org Cc: "David S. Miller" , David Ahern , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Aya Levin , Tariq Toukan , linux-kernel@vger.kernel.org, kernel-team@cloudflare.com, Florian Westphal , Willem de Bruijn , Alexander H Duyck Subject: [PATCH v3 net-next 2/3] ipv6: refactor ip6_finish_output for GSO handling Message-ID: <496ccff707e16e98163d2a3fbcfbc1f824fd8ec3.1697779681.git.yan@cloudflare.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Thu, 19 Oct 2023 22:33:22 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780251365971378732 X-GMAIL-MSGID: 1780251365971378732 Separate GSO and non-GSO packets handling to make the logic cleaner. For GSO packets, frag_max_size check can be omitted because it is only useful for packets defragmented by netfilter hooks. Both local output and GRO logic won't produce GSO packets when defragment is needed. This also mirrors what IPv4 side code is doing. Suggested-by: Florian Westphal Signed-off-by: Yan Zhai Reviewed-by: Willem de Bruijn --- net/ipv6/ip6_output.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index ae87a3817d4a..3270d56b5c37 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -170,6 +170,16 @@ ip6_finish_output_gso_slowpath_drop(struct net *net, struct sock *sk, return ret; } +static int ip6_finish_output_gso(struct net *net, struct sock *sk, + struct sk_buff *skb, unsigned int mtu) +{ + if (!(IP6CB(skb)->flags & IP6SKB_FAKEJUMBO) && + !skb_gso_validate_network_len(skb, mtu)) + return ip6_finish_output_gso_slowpath_drop(net, sk, skb, mtu); + + return ip6_finish_output2(net, sk, skb); +} + static int __ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb) { unsigned int mtu; @@ -183,16 +193,14 @@ static int __ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff #endif mtu = ip6_skb_dst_mtu(skb); - if (skb_is_gso(skb) && - !(IP6CB(skb)->flags & IP6SKB_FAKEJUMBO) && - !skb_gso_validate_network_len(skb, mtu)) - return ip6_finish_output_gso_slowpath_drop(net, sk, skb, mtu); + if (skb_is_gso(skb)) + return ip6_finish_output_gso(net, sk, skb, mtu); - if ((skb->len > mtu && !skb_is_gso(skb)) || + if (skb->len > mtu || (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size)) return ip6_fragment(net, sk, skb, ip6_finish_output2); - else - return ip6_finish_output2(net, sk, skb); + + return ip6_finish_output2(net, sk, skb); } static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb) From patchwork Fri Oct 20 05:32:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yan Zhai X-Patchwork-Id: 155816 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2010:b0:403:3b70:6f57 with SMTP id fe16csp839101vqb; Thu, 19 Oct 2023 22:33:26 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF2zNCfu6glRQt5POyL11ZaFp4cAMJ2wcm53PW9/dlIzKpJy90Vzvwnv5BrgkXLYc48X3oR X-Received: by 2002:a25:c552:0:b0:d9a:e9c5:cf2c with SMTP id v79-20020a25c552000000b00d9ae9c5cf2cmr819824ybe.54.1697780005909; Thu, 19 Oct 2023 22:33:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697780005; cv=none; d=google.com; s=arc-20160816; b=PmTO18ZIyOo8hKd1Q89nM9GdkweEIbuXhD6PDi6l5JVjfKWV3N4BI0djKyFS3vdNxj h/7x4G8Oqk9z6Km6w6Q3J8ZeqWK3sxW/W/mHj9X1LObZbwENeVE9gOmREY4yfSaa5lGl WMnJCZ3Ic5AcB+hyk0l+I1IJcl+geWpAIFWy5ASCuC6koSTLpX9LkdikwJIeCYvfWZw5 BKryBL4qPbHmf4fvC6mWatv1FoFsRokh7XpZqNVB5L3JsE06VfLsGmaDkfkTQ065mqT6 XWfEdefP5yFdLj02q1V7BxyufVTsQYuPt2+mPHbpq6m417rV+LmLPDT8ofo7tEU5fRd/ yASw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=QERO0uRdQXqqSaQdJAhee2LXGn28nhRHE84yn6ioXDc=; fh=pcqFZQYW2ZOvrJzL6iYbdBSsYjMBR+cDRZVlzaRzt/k=; b=GZAeB5a9a+Amk1Pmr/7LAnwBQP/R9xVr1dKrBRIa3r/XAPoagz/NZ71CWMIFfFEQZG JCN7CzHoU4YsEwIIohh19La+ynJeicOdQXfGkfRXu8ttdJ9GgxHX8Umo4mnUmLUkBIyd AjJq6knpJUI+nKq7WLi1r/LC58iq1LqqF1UvckZfPUKbFa480hRvPq/hMRg/mWLSpICk 9ql7OG5LWokXT313J/3EhlCJkyjpljuTq/InM+mZzpiiVtjNGA2PDKpzd+Ajef75SCQh X7jioz11vOGG8PC1VQwq+id8rhWcNV+99tjBO2l7bz694Hq3iIR6K4+oI0EOATSHVYz1 M4CA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google09082023 header.b=UCHRbXYL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id b25-20020a056a0002d900b006be1c26af7dsi1091766pft.236.2023.10.19.22.33.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Oct 2023 22:33:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google09082023 header.b=UCHRbXYL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 5B72381D2315; Thu, 19 Oct 2023 22:33:23 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346919AbjJTFc7 (ORCPT + 25 others); Fri, 20 Oct 2023 01:32:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47326 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346645AbjJTFc4 (ORCPT ); Fri, 20 Oct 2023 01:32:56 -0400 Received: from mail-ua1-x92c.google.com (mail-ua1-x92c.google.com [IPv6:2607:f8b0:4864:20::92c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33E70D51 for ; Thu, 19 Oct 2023 22:32:54 -0700 (PDT) Received: by mail-ua1-x92c.google.com with SMTP id a1e0cc1a2514c-7b6d6773d05so173403241.2 for ; Thu, 19 Oct 2023 22:32:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google09082023; t=1697779973; x=1698384773; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=QERO0uRdQXqqSaQdJAhee2LXGn28nhRHE84yn6ioXDc=; b=UCHRbXYL3xC0knyXFuBAsnyrkLGlT5t1Rqg+cpKWHrQednZoHGoTfiInP7UE+NCSFR wXSUe6Jwu7zzaVd3n85LoZnXW8+dqlE1Bhuxl3jPFfvL6x46DSNj9/D3DLF2LqmuCB9D tWbot+5hrUbZVTCTn349B4xeWIal6d8nHMFgT+1sGLA7ZjBc5ojYa5D9rR9B8t5ub5VW NV0+7zd6FNrsiehybQSpW6+JXRZkUN448cicU2ypFjj3plmy96MfLdNhMBjvLdQQpkcG wiKlBsYehe+nSW73EcWYNU+qIicC6wCqfKAZSWXlkk4Az0wwxr7oLzYz2pnDrUz+I0OD VnwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697779973; x=1698384773; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=QERO0uRdQXqqSaQdJAhee2LXGn28nhRHE84yn6ioXDc=; b=aqQ+LsCZoMiYLBEGsYOTp+vGHqfqYecB+bporfHrgE8OZSC7976KFkEMSRumIjNJYG t4WpeH9zbLKsJJKk8O5V4KwCJbopmTFd6NeAvBw7GCf5Sym8EVQAxvY3SI1k5sx2NGc2 YohNR+8JdUn1g1qoAgWkz2KZENYCPdBNQLdK0X3F09XzLsWxYMLbowF3zkz76Phz49qY JAnGAxlN2pdmfmMXQYT10qtHMyTsShpjnAG2p8zqS0y16ulTxzAH0r5HEEZEqLNrjstd dE2/56xE1SphCBiXB53fK70i/9FyoGTjalE6pVrfb2hDzFCHx40T20d6S06XnjmOhIpg GctQ== X-Gm-Message-State: AOJu0YxiDwRHEwcEZltAN6po6lp/lGU/+Y8jRwlXGLuWAeMWDF/Mwgy1 Q231svhk+SYt9Ffn86a5yuf2HA== X-Received: by 2002:a67:ae05:0:b0:452:5798:64bd with SMTP id x5-20020a67ae05000000b00452579864bdmr920744vse.35.1697779973258; Thu, 19 Oct 2023 22:32:53 -0700 (PDT) Received: from debian.debian ([140.141.197.139]) by smtp.gmail.com with ESMTPSA id vq6-20020a05620a558600b0076e672f535asm359098qkn.57.2023.10.19.22.32.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Oct 2023 22:32:52 -0700 (PDT) Date: Thu, 19 Oct 2023 22:32:51 -0700 From: Yan Zhai To: netdev@vger.kernel.org Cc: "David S. Miller" , David Ahern , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Aya Levin , Tariq Toukan , linux-kernel@vger.kernel.org, kernel-team@cloudflare.com, Florian Westphal , Willem de Bruijn , Alexander H Duyck Subject: [PATCH v3 net-next 3/3] ipv6: avoid atomic fragment on GSO packets Message-ID: <77423bb774612f0e8eaabfd9501d03389ff2cdbd.1697779681.git.yan@cloudflare.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Thu, 19 Oct 2023 22:33:23 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780251366956019814 X-GMAIL-MSGID: 1780251366956019814 When the ipv6 stack output a GSO packet, if its gso_size is larger than dst MTU, then all segments would be fragmented. However, it is possible for a GSO packet to have a trailing segment with smaller actual size than both gso_size as well as the MTU, which leads to an "atomic fragment". Atomic fragments are considered harmful in RFC-8021. An Existing report from APNIC also shows that atomic fragments are more likely to be dropped even it is equivalent to a no-op [1]. Add an extra check in the GSO slow output path. For each segment from the original over-sized packet, if it fits with the path MTU, then avoid generating an atomic fragment. Link: https://www.potaroo.net/presentations/2022-03-01-ipv6-frag.pdf [1] Fixes: b210de4f8c97 ("net: ipv6: Validate GSO SKB before finish IPv6 processing") Reported-by: David Wragg Signed-off-by: Yan Zhai --- net/ipv6/ip6_output.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 3270d56b5c37..3d4e8edaa10b 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -162,7 +162,13 @@ ip6_finish_output_gso_slowpath_drop(struct net *net, struct sock *sk, int err; skb_mark_not_on_list(segs); - err = ip6_fragment(net, sk, segs, ip6_finish_output2); + /* Last GSO segment can be smaller than gso_size (and MTU). + * Adding a fragment header would produce an "atomic fragment", + * which is considered harmful (RFC-8021). Avoid that. + */ + err = segs->len > mtu ? + ip6_fragment(net, sk, segs, ip6_finish_output2) : + ip6_finish_output2(net, sk, segs); if (err && ret == 0) ret = err; }