Patchwork Bridge + Conntrack + SKB Recycle: Fragment Reassembly Errors

Submitter Patrick McHardy
Date Nov. 22, 2009, 12:29 a.m.
Message ID <4B088600.8090209@trash.net>
Permalink /patch/38990/
State RFC
Delegated to: David Miller

Comments

Patrick McHardy - Nov. 22, 2009, 12:29 a.m.
Patrick McHardy wrote:
> So it seems we need to adjust skb->truesize in ip_fragment() since
> skb_recycle_check() assumes the skb is linear (and therefore
> skb->truesize reflects the linear size). Ben's suggestion of adding
> an upper limit based on the requested size to skb_recycle_check()
> makes sense to me as well to avoid this problem when recycling large
> linear skbs.

Ben, please give this patch a try.

ben@bigfootnetworks.com - Dec. 1, 2009, 4 p.m.
> Ben, please give this patch a try.

I have not been able to recreate the issue after applying the patch,
which is great.  Is this the only case in which large-ish SKBs might be
recycled and cause the reassembly overflow?

- Ben Menchaca

Patch

diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 322b408..031989d 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -501,8 +501,8 @@  int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
 			if (skb->sk) {
 				frag->sk = skb->sk;
 				frag->destructor = sock_wfree;
-				truesizes += frag->truesize;
 			}
+			truesizes += frag->truesize;
 		}
 
 		/* Everything is OK. Generate! */
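
Review bot: the accumulation moved to the + line after the closing brace of the if (skb->sk) block now counts every frag, socket-owned or not, but the patch carries no changelog saying why, and the hunk does not show where truesizes is consumed. Please add a description tying this to the skb_recycle_check() linear-skb assumption discussed in the thread, and confirm that the site applying truesizes to the head skb is not itself conditional on skb->sk; otherwise the adjustment is still skipped for packets with no owning socket. Ben's follow-up question about an upper size bound in skb_recycle_check() is not addressed by this hunk and would be a separate change.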