From patchwork Tue Oct 24 14:26:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yan Zhai X-Patchwork-Id: 157527 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp1980777vqx; Tue, 24 Oct 2023 07:26:57 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEsDikaPqVBBBbYqkFT0rTDhXsKH4hjVgaeigzYeZtO9OrnUIUjeWCtGh1MwWdGzkoRoBYi X-Received: by 2002:a05:6a00:23c4:b0:68b:bf33:2957 with SMTP id g4-20020a056a0023c400b0068bbf332957mr11195039pfc.22.1698157617098; Tue, 24 Oct 2023 07:26:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698157617; cv=none; d=google.com; s=arc-20160816; b=y7OmBWbuAUmqRn7WJ/5olwe3iZSJy3d2eq8dHlLSPf6TKy0mLlA9TzJlQlGc8QuBoo LFqR4bPqq/B3kCgyxfREQ9zfubk/kb9CgpPDtZrNOt0G3GpkxycTCUU3IBkPpoNPtzEJ HfmvuEJC4YO7S/XKm9pMenybCwzGqljyO9d6N+6S8Y8yG6mxLRLddcCc8/CaLsmvgMeo Rk2TOKFJEO9wXJQYafmPe2NWA2KMjZPlaqREZottgdlLnPgWADz30XJ9snPGSylLICbs P4kn7v2zTT8bo6fRkMDOauAY3JZR/4qQ0GVPBKalgzTeOc1GDkSgjosyR3GuQDpQNowN oNng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=BV4wMKpDzQBLCaMJ5oNzkZGgqGs5udbKvGwD/DtKxNQ=; fh=pcqFZQYW2ZOvrJzL6iYbdBSsYjMBR+cDRZVlzaRzt/k=; b=sfAjp16rw2WMPVE/kEIwyyh6o7vaziagx+KMqvFX1PqKasUO01Hh3gD5lc/nFrT5bz xdegp2TfI5s0aDFWkfawZlN2l6gXP3xnckgqgkDSA+B+FZI6f52p76xZjiVHUAg/p1Wl WjKgKfb9NFqKTGhsVk97Zjq1NpQ1e8/2ThBy9UEYwYHUiNEKH1JtnzT8pEjsUQZ8kOmF +Pjq1kzpqvdg6DFv7VZvs3q9ISNE7d+ot84y1hBOI+R9lXkMiKU4GCIoybpSGlc40kAI vKvqDwcnpUsPtAFutaQlV/PbVI0mgzQ2uN7yxdwqYeq+Heau+yr0DmmE1vXavF3E+3Td SRgQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google09082023 header.b=dZB6VbgP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id u21-20020a656715000000b00578a30162c8si8317401pgf.537.2023.10.24.07.26.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 07:26:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google09082023 header.b=dZB6VbgP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 51A54803FC2F; Tue, 24 Oct 2023 07:26:52 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343751AbjJXO0m (ORCPT + 26 others); Tue, 24 Oct 2023 10:26:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46572 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1343524AbjJXO0k (ORCPT ); Tue, 24 Oct 2023 10:26:40 -0400 Received: from mail-qk1-x736.google.com (mail-qk1-x736.google.com [IPv6:2607:f8b0:4864:20::736]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DF44CC4 for ; Tue, 24 Oct 2023 07:26:37 -0700 (PDT) Received: by mail-qk1-x736.google.com with SMTP id af79cd13be357-7789923612dso313208685a.0 for ; Tue, 24 Oct 2023 07:26:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google09082023; t=1698157597; x=1698762397; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=BV4wMKpDzQBLCaMJ5oNzkZGgqGs5udbKvGwD/DtKxNQ=; b=dZB6VbgPHgNvjBc0pN5AmGnFLRwM2WmCYVx2EvyijbbQUKr1lksGj6N8PkVjoYlosj z2mOwdGquZVJTCZunem+skxub6J5RtfzpA0woDNYE4Qd6JGGd6zlDMAzRi0l2tATNpji vGsQginhjxJNeAjpBUUEczZqzOjTuukwMrOU9RxA4JejpEZo1GE8g0tLNzzoIYBLzGnP 4UOAPd9tfkrvpa561Pp+rfWEXQftmsSH3tiM+ZgTT+qv9DQsczj8/gUmKUjrZwWcaIu5 jmt3ZZP9OUoJMnqjG+VeCoh9Qkjam2w8BMl6cQeLAQ8BFxx4gilPCrWZ8+Lfo++J6Za2 U8Nw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698157597; x=1698762397; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=BV4wMKpDzQBLCaMJ5oNzkZGgqGs5udbKvGwD/DtKxNQ=; b=Csg7uwCpb/t/M0I2Ya86KKg2mQWLQ5ekAkiINN+e/FgPhdn2VO0THiI60r/yfXwZsE bVJgg3I+UKXpYZ3pHfmtaYCPusX4fFU8sssNCXF3xZpybBN/vVti4UzxZ0JLjTz9Mfwe XLSnNjlOWAsnnWkGYGjECMlCztCM1dgkEiyfnSp2z6hbw+nqFqPUN3FaawyRGGf53Zv1 +2M0rarfvF220wZoXRtWNcS8AP1FKmUpN5WFDMB4xlJkOCT8u6lKDwA8bVCc4HHoNJcK ZtPxE92ZxYqryPvEuash7+EXLToPZ2myl9opomMemz/xV+6rPR81pUKitSxsGYPaK5nZ WdCg== X-Gm-Message-State: AOJu0Yx2pCjLYrengxnZVfqpXbXwupz568Q8WUMty75ONcoDVmUOe+Ip MLSMR731Z0pkVhMOMnE8qMSUEg== X-Received: by 2002:a05:620a:3d12:b0:770:9e5b:e1e7 with SMTP id tq18-20020a05620a3d1200b007709e5be1e7mr10492122qkn.62.1698157596942; Tue, 24 Oct 2023 07:26:36 -0700 (PDT) Received: from debian.debian ([140.141.197.139]) by smtp.gmail.com with ESMTPSA id y5-20020a37e305000000b0076d25b11b62sm3482629qki.38.2023.10.24.07.26.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 07:26:36 -0700 (PDT) Date: Tue, 24 Oct 2023 07:26:33 -0700 From: Yan Zhai To: netdev@vger.kernel.org Cc: "David S. Miller" , David Ahern , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Aya Levin , Tariq Toukan , linux-kernel@vger.kernel.org, kernel-team@cloudflare.com, Florian Westphal , Willem de Bruijn , Alexander H Duyck Subject: [PATCH v5 net-next 1/3] ipv6: drop feature RTAX_FEATURE_ALLFRAG Message-ID: References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Tue, 24 Oct 2023 07:26:52 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780647321043172875 X-GMAIL-MSGID: 1780647321043172875 RTAX_FEATURE_ALLFRAG was added before the first git commit: https://www.mail-archive.com/bk-commits-head@vger.kernel.org/msg03399.html The feature would send packets to the fragmentation path if a box receives a PMTU value with less than 1280 byte. However, since commit 9d289715eb5c ("ipv6: stop sending PTB packets for MTU < 1280"), such message would be simply discarded. The feature flag is neither supported in iproute2 utility. In theory one can still manipulate it with direct netlink message, but it is not ideal because it was based on obsoleted guidance of RFC-2460 (replaced by RFC-8200). The feature would always test false at the moment, so remove related code or mark them as unused. Signed-off-by: Yan Zhai Reviewed-by: Florian Westphal Reviewed-by: Eric Dumazet --- V4 -> V5: removed a unused macro instead of adding "unused" comment V3 -> V4: cleaned up all RTAX_FEATURE_ALLFRAG code, rather than just drop the check at IPv6 output. --- include/net/dst.h | 7 ------- include/net/inet_connection_sock.h | 1 - include/net/inet_sock.h | 1 - include/uapi/linux/rtnetlink.h | 2 +- net/ipv4/tcp_output.c | 20 +------------------- net/ipv6/ip6_output.c | 15 ++------------- net/ipv6/tcp_ipv6.c | 1 - net/ipv6/xfrm6_output.c | 2 +- net/mptcp/subflow.c | 1 - 9 files changed, 5 insertions(+), 45 deletions(-) diff --git a/include/net/dst.h b/include/net/dst.h index f8b8599a0600..f5dfc8fb7b37 100644 --- a/include/net/dst.h +++ b/include/net/dst.h @@ -222,13 +222,6 @@ static inline unsigned long dst_metric_rtt(const struct dst_entry *dst, int metr return msecs_to_jiffies(dst_metric(dst, metric)); } -static inline u32 -dst_allfrag(const struct dst_entry *dst) -{ - int ret = dst_feature(dst, RTAX_FEATURE_ALLFRAG); - return ret; -} - static inline int dst_metric_locked(const struct dst_entry *dst, int metric) { diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h index 086d1193c9ef..d0a2f827d5f2 100644 --- a/include/net/inet_connection_sock.h +++ b/include/net/inet_connection_sock.h @@ -44,7 +44,6 @@ struct inet_connection_sock_af_ops { struct request_sock *req_unhash, bool *own_req); u16 net_header_len; - u16 net_frag_header_len; u16 sockaddr_len; int (*setsockopt)(struct sock *sk, int level, int optname, sockptr_t optval, unsigned int optlen); diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h index 98e11958cdff..74db6d97cae1 100644 --- a/include/net/inet_sock.h +++ b/include/net/inet_sock.h @@ -244,7 +244,6 @@ struct inet_sock { }; #define IPCORK_OPT 1 /* ip-options has been held in ipcork.opt */ -#define IPCORK_ALLFRAG 2 /* always fragment (for ipv6 for now) */ enum { INET_FLAGS_PKTINFO = 0, diff --git a/include/uapi/linux/rtnetlink.h b/include/uapi/linux/rtnetlink.h index aa2482a0614a..3b687d20c9ed 100644 --- a/include/uapi/linux/rtnetlink.h +++ b/include/uapi/linux/rtnetlink.h @@ -505,7 +505,7 @@ enum { #define RTAX_FEATURE_ECN (1 << 0) #define RTAX_FEATURE_SACK (1 << 1) /* unused */ #define RTAX_FEATURE_TIMESTAMP (1 << 2) /* unused */ -#define RTAX_FEATURE_ALLFRAG (1 << 3) +#define RTAX_FEATURE_ALLFRAG (1 << 3) /* unused */ #define RTAX_FEATURE_TCP_USEC_TS (1 << 4) #define RTAX_FEATURE_MASK (RTAX_FEATURE_ECN | \ diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 2866ccbccde0..ca4d7594efd4 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -1698,14 +1698,6 @@ static inline int __tcp_mtu_to_mss(struct sock *sk, int pmtu) */ mss_now = pmtu - icsk->icsk_af_ops->net_header_len - sizeof(struct tcphdr); - /* IPv6 adds a frag_hdr in case RTAX_FEATURE_ALLFRAG is set */ - if (icsk->icsk_af_ops->net_frag_header_len) { - const struct dst_entry *dst = __sk_dst_get(sk); - - if (dst && dst_allfrag(dst)) - mss_now -= icsk->icsk_af_ops->net_frag_header_len; - } - /* Clamp it (mss_clamp does not include tcp options) */ if (mss_now > tp->rx_opt.mss_clamp) mss_now = tp->rx_opt.mss_clamp; @@ -1733,21 +1725,11 @@ int tcp_mss_to_mtu(struct sock *sk, int mss) { const struct tcp_sock *tp = tcp_sk(sk); const struct inet_connection_sock *icsk = inet_csk(sk); - int mtu; - mtu = mss + + return mss + tp->tcp_header_len + icsk->icsk_ext_hdr_len + icsk->icsk_af_ops->net_header_len; - - /* IPv6 adds a frag_hdr in case RTAX_FEATURE_ALLFRAG is set */ - if (icsk->icsk_af_ops->net_frag_header_len) { - const struct dst_entry *dst = __sk_dst_get(sk); - - if (dst && dst_allfrag(dst)) - mtu += icsk->icsk_af_ops->net_frag_header_len; - } - return mtu; } EXPORT_SYMBOL(tcp_mss_to_mtu); diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 3c7de89d6755..86efd901ee5a 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -191,7 +191,6 @@ static int __ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff return ip6_finish_output_gso_slowpath_drop(net, sk, skb, mtu); if ((skb->len > mtu && !skb_is_gso(skb)) || - dst_allfrag(skb_dst(skb)) || (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size)) return ip6_fragment(net, sk, skb, ip6_finish_output2); else @@ -1017,9 +1016,6 @@ int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb, return err; fail_toobig: - if (skb->sk && dst_allfrag(skb_dst(skb))) - sk_gso_disable(skb->sk); - icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); err = -EMSGSIZE; @@ -1384,10 +1380,7 @@ static int ip6_setup_cork(struct sock *sk, struct inet_cork_full *cork, cork->base.mark = ipc6->sockc.mark; sock_tx_timestamp(sk, ipc6->sockc.tsflags, &cork->base.tx_flags); - if (dst_allfrag(xfrm_dst_path(&rt->dst))) - cork->base.flags |= IPCORK_ALLFRAG; cork->base.length = 0; - cork->base.transmit_time = ipc6->sockc.transmit_time; return 0; @@ -1444,8 +1437,6 @@ static int __ip6_append_data(struct sock *sk, headersize = sizeof(struct ipv6hdr) + (opt ? opt->opt_flen + opt->opt_nflen : 0) + - (dst_allfrag(&rt->dst) ? - sizeof(struct frag_hdr) : 0) + rt->rt6i_nfheader_len; if (mtu <= fragheaderlen || @@ -1555,7 +1546,7 @@ static int __ip6_append_data(struct sock *sk, while (length > 0) { /* Check if the remaining data fits into current packet. */ - copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len; + copy = (cork->length <= mtu ? mtu : maxfraglen) - skb->len; if (copy < length) copy = maxfraglen - skb->len; @@ -1586,7 +1577,7 @@ static int __ip6_append_data(struct sock *sk, */ datalen = length + fraggap; - if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen) + if (datalen > (cork->length <= mtu ? mtu : maxfraglen) - fragheaderlen) datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len; fraglen = datalen + fragheaderlen; pagedlen = 0; @@ -1835,7 +1826,6 @@ static void ip6_cork_steal_dst(struct sk_buff *skb, struct inet_cork_full *cork) struct dst_entry *dst = cork->base.dst; cork->base.dst = NULL; - cork->base.flags &= ~IPCORK_ALLFRAG; skb_dst_set(skb, dst); } @@ -1856,7 +1846,6 @@ static void ip6_cork_release(struct inet_cork_full *cork, if (cork->base.dst) { dst_release(cork->base.dst); cork->base.dst = NULL; - cork->base.flags &= ~IPCORK_ALLFRAG; } } diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 0c8a14ba104f..dc27988512a6 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1895,7 +1895,6 @@ const struct inet_connection_sock_af_ops ipv6_specific = { .conn_request = tcp_v6_conn_request, .syn_recv_sock = tcp_v6_syn_recv_sock, .net_header_len = sizeof(struct ipv6hdr), - .net_frag_header_len = sizeof(struct frag_hdr), .setsockopt = ipv6_setsockopt, .getsockopt = ipv6_getsockopt, .addr2sockaddr = inet6_csk_addr2sockaddr, diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c index ad07904642ca..5f7b1fdbffe6 100644 --- a/net/ipv6/xfrm6_output.c +++ b/net/ipv6/xfrm6_output.c @@ -95,7 +95,7 @@ static int __xfrm6_output(struct net *net, struct sock *sk, struct sk_buff *skb) return -EMSGSIZE; } - if (toobig || dst_allfrag(skb_dst(skb))) + if (toobig) return ip6_fragment(net, sk, skb, __xfrm6_output_finish); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 9c1f8d1d63d2..7064543b534d 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -2044,7 +2044,6 @@ void __init mptcp_subflow_init(void) subflow_v6m_specific.send_check = ipv4_specific.send_check; subflow_v6m_specific.net_header_len = ipv4_specific.net_header_len; subflow_v6m_specific.mtu_reduced = ipv4_specific.mtu_reduced; - subflow_v6m_specific.net_frag_header_len = 0; subflow_v6m_specific.rebuild_header = subflow_rebuild_header; tcpv6_prot_override = tcpv6_prot; From patchwork Tue Oct 24 14:26:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yan Zhai X-Patchwork-Id: 157529 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp1980964vqx; Tue, 24 Oct 2023 07:27:17 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG54gEty4jU2C6iOdLjhP+0YCOR6PLBs/Gu4srw/djeyShKgfo9LZ9rFQ6J4256lMRQ654Q X-Received: by 2002:a05:6a20:8e0e:b0:129:d944:2e65 with SMTP id y14-20020a056a208e0e00b00129d9442e65mr3300713pzj.13.1698157637053; Tue, 24 Oct 2023 07:27:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698157637; cv=none; d=google.com; s=arc-20160816; b=dgxWpM6XSkn6GWx9G5aOz6XnOhId2POJ78jPNgS/Cbf2SVLBcQymQXzhCOJo/QNmQl 8I3QKwdptzVXZ5WuNVcJCx+3CGCwLBGd7heKKJKnQqUisi7fk5nrWW0IG5tMS6h9k1/w J2q4zdmmll4prF/rljoYjDawExSd0xBY2pDuWIUD7eGQYcV8TUzd176DLlULUUkW0qkC KOP/gKHhfuekjPPXw/RFrmurPCHgCDfPkfN13cEblPC8lSYGJxYgz+uGXqjX/cIonl/n mZCwf/l//LMK6gj5ZwR4dXgcR1011PBrE/wUYxiixfhbjfPNcAqXPmBMD2FtlcI9p/3u o1iQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=ANWtBi2MdCaxrrm0KgoW1Ul1Iz1M5CJm2G0yJPXRo30=; fh=pcqFZQYW2ZOvrJzL6iYbdBSsYjMBR+cDRZVlzaRzt/k=; b=oMsxBR8j/sntsMyBMVFigW0I+f4fP5OpEaXDGdbIqpScFPOw8JeJRVs0+OiBJNN2lH u3u0UcrpF1EThrlx/in+rLbrqwz1azcMQYxSP1czSREMagw00CvA5x51+aaS1zmKKgX1 gX35iqh30gECV5lNhAB4oAjs4s2UMmQxp7BWFWGe4N2Wf8N3WPA2Tq9CISx+NuDKBVex 4K7FnIIAIx9t7pLFntcQ/uryHONadI2Uy+9OGUR7IWv47973/HAxtYjcGLnYqCWmpZkS I0eWpp1Am5swpKYAQyO199cgu3cB1LRLhvrDLxTurmyfHQzGnR4mzDNCUR0tXbwKybkM LV1Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google09082023 header.b=OrnhSMSd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id f13-20020a056a001acd00b006be062e4ecbsi8513243pfv.32.2023.10.24.07.27.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 07:27:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google09082023 header.b=OrnhSMSd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 65EE4803F940; Tue, 24 Oct 2023 07:27:14 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343781AbjJXO0p (ORCPT + 26 others); Tue, 24 Oct 2023 10:26:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46632 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1343524AbjJXO0n (ORCPT ); Tue, 24 Oct 2023 10:26:43 -0400 Received: from mail-oi1-x22c.google.com (mail-oi1-x22c.google.com [IPv6:2607:f8b0:4864:20::22c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5DD49129 for ; Tue, 24 Oct 2023 07:26:41 -0700 (PDT) Received: by mail-oi1-x22c.google.com with SMTP id 5614622812f47-3b2f4a5ccebso3062702b6e.3 for ; Tue, 24 Oct 2023 07:26:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google09082023; t=1698157600; x=1698762400; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=ANWtBi2MdCaxrrm0KgoW1Ul1Iz1M5CJm2G0yJPXRo30=; b=OrnhSMSdnKPjUG1TT6wTvS5HRvmsZ9hWsPtUMTg6VK65BsAxIb3Gkks1OcNzP2K+ow qtXqofVsB40pAhadA03cDCKXbiwzsCt8d0OuZKJsjYArGw9/WfRJFCmqcVzXpzu4f3xl g5hXAEnhPe0ZuM7a9KTP784W8jISd0D0zAIETr4g4j1IcvirURdEhbCbVlTT+xJbhzM6 KeZ2WlSHSftRzEN4HsFKWn94vcifxduJT8Kb6AQA80ReNl9Zmcfaxt1+fH3Z7Za8gOht q4MkavJpxMktMppkz+okCLpkSkO+LIw7uMt5i0s88ZKFLTLAioEp3u34B/XBWIwWWrA7 ZcIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698157600; x=1698762400; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=ANWtBi2MdCaxrrm0KgoW1Ul1Iz1M5CJm2G0yJPXRo30=; b=I7FAlfcxf1vpdR1wh82QRJRpnH9mQHFxD/xu/G/rUQIg8lwbPbpoJcbb8zwqnrh0hg KCEWN8hKCuZQrG4lAiHnxKg909l1FQijs0wxUyehnOhVoakml0ucruw2Euy9TDJXh01a JCnculg4i6f+3haNmIVhuaX5MomEJZCSo/rCxZjpEteiSr6KuVZX8jt8E09T6Nfa7kUS M+o/uqp9a6msaE7bF7P3A86yL5SDElHVl3KlgMxJdQdcZueGHG2j0tG136/5n4/S+0BD 8ymRmZEAx4Co6fD5ggBoiztlTM/dD1PbrdJw4XHcTx1UrkTVtX8XRGJUhXQRVYHR+nqG Dhew== X-Gm-Message-State: AOJu0YwwlIftCLZ7b79R0rG8+fJxltJAVivDLzBYVdNiW2DrNuptDVup wngIv2E8hqsODLd+RiNyTk49Fw== X-Received: by 2002:a05:6870:7e0d:b0:1ea:29cc:d2dc with SMTP id wx13-20020a0568707e0d00b001ea29ccd2dcmr15920283oab.11.1698157600641; Tue, 24 Oct 2023 07:26:40 -0700 (PDT) Received: from debian.debian ([140.141.197.139]) by smtp.gmail.com with ESMTPSA id kr25-20020ac861d9000000b004181c32dcc3sm3487025qtb.16.2023.10.24.07.26.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 07:26:40 -0700 (PDT) Date: Tue, 24 Oct 2023 07:26:37 -0700 From: Yan Zhai To: netdev@vger.kernel.org Cc: "David S. Miller" , David Ahern , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Aya Levin , Tariq Toukan , linux-kernel@vger.kernel.org, kernel-team@cloudflare.com, Florian Westphal , Willem de Bruijn , Alexander H Duyck Subject: [PATCH v5 net-next 2/3] ipv6: refactor ip6_finish_output for GSO handling Message-ID: <0e1d4599f858e2becff5c4fe0b5f843236bc3fe8.1698156966.git.yan@cloudflare.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Tue, 24 Oct 2023 07:27:14 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780647342452128604 X-GMAIL-MSGID: 1780647342452128604 Separate GSO and non-GSO packets handling to make the logic cleaner. For GSO packets, frag_max_size check can be omitted because it is only useful for packets defragmented by netfilter hooks. Both local output and GRO logic won't produce GSO packets when defragment is needed. This also mirrors what IPv4 side code is doing. Suggested-by: Florian Westphal Signed-off-by: Yan Zhai Reviewed-by: Willem de Bruijn Reviewed-by: Eric Dumazet --- net/ipv6/ip6_output.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 86efd901ee5a..4010dd97aaf8 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -172,6 +172,16 @@ ip6_finish_output_gso_slowpath_drop(struct net *net, struct sock *sk, return ret; } +static int ip6_finish_output_gso(struct net *net, struct sock *sk, + struct sk_buff *skb, unsigned int mtu) +{ + if (!(IP6CB(skb)->flags & IP6SKB_FAKEJUMBO) && + !skb_gso_validate_network_len(skb, mtu)) + return ip6_finish_output_gso_slowpath_drop(net, sk, skb, mtu); + + return ip6_finish_output2(net, sk, skb); +} + static int __ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb) { unsigned int mtu; @@ -185,16 +195,14 @@ static int __ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff #endif mtu = ip6_skb_dst_mtu(skb); - if (skb_is_gso(skb) && - !(IP6CB(skb)->flags & IP6SKB_FAKEJUMBO) && - !skb_gso_validate_network_len(skb, mtu)) - return ip6_finish_output_gso_slowpath_drop(net, sk, skb, mtu); + if (skb_is_gso(skb)) + return ip6_finish_output_gso(net, sk, skb, mtu); - if ((skb->len > mtu && !skb_is_gso(skb)) || + if (skb->len > mtu || (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size)) return ip6_fragment(net, sk, skb, ip6_finish_output2); - else - return ip6_finish_output2(net, sk, skb); + + return ip6_finish_output2(net, sk, skb); } static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb) From patchwork Tue Oct 24 14:26:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yan Zhai X-Patchwork-Id: 157528 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp1980918vqx; Tue, 24 Oct 2023 07:27:11 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFplwMSyj0e4woABD17bFMM5AEipwUvBT8VzsH/o9HFppKysLUIxyeQdgJ7FahYVTWI5h3m X-Received: by 2002:a17:902:e5c8:b0:1ca:85ae:3b4f with SMTP id u8-20020a170902e5c800b001ca85ae3b4fmr11214612plf.55.1698157631363; Tue, 24 Oct 2023 07:27:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698157631; cv=none; d=google.com; s=arc-20160816; b=w1WB1OWwgCMpNsMadoq6JtTMAShCoSjru7c1tPrZx4CIx6CnoToUD0cUCM5Y6kaHYp /gt8SwZ0MiaDUxVIrGoU73EZYw0OzsrbXI77ZDrmOPTpaW9uWSjiGY0RWD2QdV8WF/bV BMWVw8KMn/Ld7f3Vb4M5yKMJ55/eTRYErJ2e2NQEuv4PDqvzRjLqPAZemfvudCYmfHnf t6G/WRzG9iXOTS9WMf+8oCrdOwY5SRK8rdfVMCF0KTdNqvktj36rFKsL0TShs/2aqk6u Hj4fYfsaL2JlO5bwbSDDH028IEaysnfUsp9aZCGsCVzYhU5P/SqZyVH+fAvSPSFphzqx uytQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=6S93RbRglo4zJtt34VMTicjVThmJc0ap31UZOgLJcsE=; fh=pcqFZQYW2ZOvrJzL6iYbdBSsYjMBR+cDRZVlzaRzt/k=; b=HA5RCun3PsMl916DcghVsYM+HgDqheU8rQTS3Bl7aZjPdpw1V9lKR3oTYIFzbpjLqK +7i4iEkWyx12tCgjgCZNo8FWlYfitt/VfgG7pPTvDwEeZ97PCneIw4nkJFlbXQpAJ/is 5exC0yGRQGqtdpkKV+WBbWVfyCB7aikLGbCCJIbfrrec4BA3wHRLVK4cZ3PcsCFrf2SU 3HzGo91VBpQB5Ppzzr7ihICxOCixVFM9O8ZewuhWLZ8khLzaxJevfFmrI4ud6ziVmHEZ IY21pZ8jP1yfwwhkdJc84cHWLzKRUpVHl3ihilAd0MMc3bVcRiwa4mjbR2MQY1/6tMeD /vcQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google09082023 header.b=d3i0xTrt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from fry.vger.email (fry.vger.email. [23.128.96.38]) by mx.google.com with ESMTPS id s2-20020a170902ea0200b001b829a32f2dsi8864119plg.457.2023.10.24.07.27.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 07:27:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) client-ip=23.128.96.38; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google09082023 header.b=d3i0xTrt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id 7597D806B716; Tue, 24 Oct 2023 07:27:08 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343716AbjJXO0y (ORCPT + 26 others); Tue, 24 Oct 2023 10:26:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45958 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234788AbjJXO0v (ORCPT ); Tue, 24 Oct 2023 10:26:51 -0400 Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com [IPv6:2607:f8b0:4864:20::730]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6D1DF12C for ; Tue, 24 Oct 2023 07:26:45 -0700 (PDT) Received: by mail-qk1-x730.google.com with SMTP id af79cd13be357-7788ebea620so298807185a.3 for ; Tue, 24 Oct 2023 07:26:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google09082023; t=1698157604; x=1698762404; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=6S93RbRglo4zJtt34VMTicjVThmJc0ap31UZOgLJcsE=; b=d3i0xTrtHY7fyNjAnemlo9hK6NiX9t3PE31O1zWq9PgxcDRJqY1q9oMNBafmkdCxgk 0XG+xpmDScIs8nxH+oOpTD+6eI1p2wLTjzvH2Sd56yxz1Ue0lfAtGjCSGQ7skl9ldEGZ +HXu/IFuD0LmkZHj74zLH8g++vRotkEacJ5c3sPDCGJFjX7H4NkR5/X6KgFP0x91pSwN Z5NP9/u/l2BKIm6D6AXwt+oFLMRGt9mijYipuDlMM+Bk9uoWDbxsvcqaOxn90fmDHHY9 reFmWU0jrLsHlDKGDMrEo6cXWq7bSgDQ8M2DH20mWqPKUYaCkzAuyLrHvt9yNtxOJPlw 6S+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698157604; x=1698762404; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=6S93RbRglo4zJtt34VMTicjVThmJc0ap31UZOgLJcsE=; b=oXn6PjzyHlDdTbtB4PYct35+0Rh/LQkyakYdvRgie+PwdZEoifzJCFnnqckK69S2kt q+lFK0V01WTLy3m2eiSWf/92+Uy2o0Kf6V6IFHR7k06JgjXTr+ug0DM+Ho9hUCl+rHy/ k9bnekSGtF9+8qfqoUbAB5o2e3iKz+1V2jckoX7gvU9Fu0drtqh3TNq08lc2kgKQk+Zk 4Wunu2PLFb07X3rwf/qWcXlzyXX/W+ChbtA9A2RJkdEo+cIF5KQY+6fuVR8IoWYGMeoT Wky23++nx0UMThJ1y0QJ7Lf6FemU+2k41bNSpi2hR3QpRNtul9YdLhn7wXubjAXkvf4h 4L+A== X-Gm-Message-State: AOJu0YyS1GGWZpJK5t2wlcuNNjd3418ylSLXmVPTf6O1mG50WQ+U9wPX o+wYeg9UWueq3EWePAlrTeXQtQ== X-Received: by 2002:a05:620a:d96:b0:767:c572:ab10 with SMTP id q22-20020a05620a0d9600b00767c572ab10mr13854304qkl.35.1698157604465; Tue, 24 Oct 2023 07:26:44 -0700 (PDT) Received: from debian.debian ([140.141.197.139]) by smtp.gmail.com with ESMTPSA id l15-20020a05620a0c0f00b0077892023fc5sm3466575qki.120.2023.10.24.07.26.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 07:26:43 -0700 (PDT) Date: Tue, 24 Oct 2023 07:26:40 -0700 From: Yan Zhai To: netdev@vger.kernel.org Cc: "David S. Miller" , David Ahern , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Aya Levin , Tariq Toukan , linux-kernel@vger.kernel.org, kernel-team@cloudflare.com, Florian Westphal , Willem de Bruijn , Alexander H Duyck Subject: [PATCH v5 net-next 3/3] ipv6: avoid atomic fragment on GSO packets Message-ID: <90912e3503a242dca0bc36958b11ed03a2696e5e.1698156966.git.yan@cloudflare.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Tue, 24 Oct 2023 07:27:08 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780647336407546053 X-GMAIL-MSGID: 1780647336407546053 When the ipv6 stack output a GSO packet, if its gso_size is larger than dst MTU, then all segments would be fragmented. However, it is possible for a GSO packet to have a trailing segment with smaller actual size than both gso_size as well as the MTU, which leads to an "atomic fragment". Atomic fragments are considered harmful in RFC-8021. An Existing report from APNIC also shows that atomic fragments are more likely to be dropped even it is equivalent to a no-op [1]. Add an extra check in the GSO slow output path. For each segment from the original over-sized packet, if it fits with the path MTU, then avoid generating an atomic fragment. Link: https://www.potaroo.net/presentations/2022-03-01-ipv6-frag.pdf [1] Fixes: b210de4f8c97 ("net: ipv6: Validate GSO SKB before finish IPv6 processing") Reported-by: David Wragg Signed-off-by: Yan Zhai --- net/ipv6/ip6_output.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 4010dd97aaf8..a722a43dd668 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -164,7 +164,13 @@ ip6_finish_output_gso_slowpath_drop(struct net *net, struct sock *sk, int err; skb_mark_not_on_list(segs); - err = ip6_fragment(net, sk, segs, ip6_finish_output2); + /* Last GSO segment can be smaller than gso_size (and MTU). + * Adding a fragment header would produce an "atomic fragment", + * which is considered harmful (RFC-8021). Avoid that. + */ + err = segs->len > mtu ? + ip6_fragment(net, sk, segs, ip6_finish_output2) : + ip6_finish_output2(net, sk, segs); if (err && ret == 0) ret = err; }