| Message ID | 20160317170855.GA21145@midget.suse.cz |
|---|---|
| State | RFC, archived |
| Delegated to: | David Miller |
| Headers | show |
On Thu, Mar 17, 2016 at 06:08:55PM +0100, Jiri Bohac wrote: > On Thu, Mar 17, 2016 at 11:24:59AM +0100, Steffen Klassert wrote: > > In IPv6 this check is missing, so this could be the > > problem if this is IPv6. > > indeed, this patch also fixes my problem: Hmm, is this what you really want? If I understood you correctly, you want the fragmentation to occur after IPsec. So while this might generate the same output, it is still going to prefragment the data, only to merge them back for IPsec and then refragment again. Cheers,
On Fri, Mar 18, 2016 at 10:36:53AM +0800, Herbert Xu wrote: > On Thu, Mar 17, 2016 at 06:08:55PM +0100, Jiri Bohac wrote: > > On Thu, Mar 17, 2016 at 11:24:59AM +0100, Steffen Klassert wrote: > > > In IPv6 this check is missing, so this could be the > > > problem if this is IPv6. > > > > indeed, this patch also fixes my problem: > > Hmm, is this what you really want? If I understood you correctly, > you want the fragmentation to occur after IPsec. The main problem was probably that UFO handling does not work at all on IPv6 IPsec. > So while this > might generate the same output, it is still going to prefragment > the data, only to merge them back for IPsec and then refragment > again. This is far away from being optimal, but this is what usually happens if a local application sends data that we need to fragment. We currently work on avoiding the linearization on IPsec, but having a skb with a fraglist is really the worst case.
--- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1353,6 +1353,7 @@ emsgsize: (skb && skb_is_gso(skb))) && (sk->sk_protocol == IPPROTO_UDP) && (rt->dst.dev->features & NETIF_F_UFO) && + !rt->dst.header_len && (sk->sk_type == SOCK_DGRAM)) { err = ip6_ufo_append_data(sk, queue, getfrag, from, length, hh_len, fragheaderlen,