From patchwork Sat Nov 7 19:59:46 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joe Stringer X-Patchwork-Id: 541367 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from archives.nicira.com (unknown [IPv6:2600:3c00::f03c:91ff:fe6e:bdf7]) by ozlabs.org (Postfix) with ESMTP id 9CF611409A0 for ; Sun, 8 Nov 2015 07:01:09 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nicira_com.20150623.gappssmtp.com header.i=@nicira_com.20150623.gappssmtp.com header.b=DnOVln5e; dkim-atps=neutral Received: from archives.nicira.com (localhost [127.0.0.1]) by archives.nicira.com (Postfix) with ESMTP id 5893610A4F; Sat, 7 Nov 2015 12:00:26 -0800 (PST) X-Original-To: dev@openvswitch.org Delivered-To: dev@openvswitch.org Received: from mx3v3.cudamail.com (mx3.cudamail.com [64.34.241.5]) by archives.nicira.com (Postfix) with ESMTPS id 10F1B10A49 for ; Sat, 7 Nov 2015 12:00:25 -0800 (PST) Received: from bar4.cudamail.com (localhost [127.0.0.1]) by mx3v3.cudamail.com (Postfix) with ESMTPS id 883FD162F76 for ; Sat, 7 Nov 2015 13:00:24 -0700 (MST) X-ASG-Debug-ID: 1446926424-03dc217ee30dbb0001-byXFYA Received: from mx3-pf2.cudamail.com ([192.168.14.1]) by bar4.cudamail.com with ESMTP id 0mEC66JuPl7wBOc6 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sat, 07 Nov 2015 13:00:24 -0700 (MST) X-Barracuda-Envelope-From: joestringer@nicira.com X-Barracuda-RBL-Trusted-Forwarder: 192.168.14.1 Received: from unknown (HELO mail-pa0-f49.google.com) (209.85.220.49) by mx3-pf2.cudamail.com with ESMTPS (RC4-SHA encrypted); 7 Nov 2015 20:00:24 -0000 Received-SPF: unknown (mx3-pf2.cudamail.com: Multiple SPF records returned) X-Barracuda-RBL-Trusted-Forwarder: 209.85.220.49 Received: by pabfh17 with SMTP id fh17so156582448pab.0 for ; Sat, 07 Nov 2015 12:00:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nicira_com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:in-reply-to:references; bh=7W20zcY4GasoS1PucmGBbSn3a2YLDNKH2/FBSCK4EFw=; b=DnOVln5ebQYm1ykoc+UB/e2Lecx0abF+zwAVEwV6y8Ysyww6kKbPNS9GDneg5WELhx hH8kDRIFxRE5Lz+4dG0S8BZgueH3gy2oR6eaUFnGePxYzvj8JAtmnUho65ySiHxugDzt hxi76/P9rLA9SMNViYi+puv9I/5ZYNFZFXY+Ylh5ZD7VgkvFxu3QB68lev7F113Bghbv BjWq9FyjgC5vUMANsNypdrKEqJjjB+LE4aDjbxx7GUf53NfEcxQJPRfBFs3dZTI4TeVv 7utwQse33bfp2wVhQrwkwTnCWGNQvpjRUBgdICcpim4b+hw5fYTnUwn2zFaRSoYXSuW9 OAyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=7W20zcY4GasoS1PucmGBbSn3a2YLDNKH2/FBSCK4EFw=; b=fhISfvnL/vxsjsd48cbeUjZNZ0ZT+QEAgIRqV+JOzL2bfS9WFPP4GCGDZQC+7P2yH7 ftvpkJuK9AuEZSIdwhvWzhXgp5qfwfStPn2fSTIva1oO3iVd97uMk+7uTvBn8HS4yCVW gjlnrWBPxkMDtOuHM3gU0d5N3V3djFhNNpi5o4jRaq0Op5N3mdMjocxbt8mRo+ciflhO jM5uSABW9pYljw9QLtNzGubpgKgjn8ISN+EgqE52vprwPmroajRvkOOjeDXTa9nJuqly sCp9IKGGcGwxdG+Bg10QuuXtwbwwZ4Igkn21U1PSRiEZHXKDnIyZPiLgbukYZa2oQP89 doUQ== X-Gm-Message-State: ALoCoQkNdNfcOveIFLLgM/hkjMwNiRHYbyOu3rg/i79Ov4G8MLlRBLlsS1itBlQUL0Fon3qADIWS X-Received: by 10.66.190.38 with SMTP id gn6mr26957499pac.3.1446926423649; Sat, 07 Nov 2015 12:00:23 -0800 (PST) Received: from localhost.localdomain ([208.91.2.4]) by smtp.gmail.com with ESMTPSA id nu5sm7312219pbb.65.2015.11.07.12.00.22 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 07 Nov 2015 12:00:22 -0800 (PST) X-CudaMail-Envelope-Sender: joestringer@nicira.com X-Barracuda-Apparent-Source-IP: 208.91.2.4 From: Joe Stringer To: dev@openvswitch.org X-CudaMail-Whitelist-To: dev@openvswitch.org X-CudaMail-MID: CM-V2-1106015416 X-CudaMail-DTE: 110715 X-CudaMail-Originating-IP: 209.85.220.49 Date: Sat, 7 Nov 2015 11:59:46 -0800 X-ASG-Orig-Subj: [##CM-V2-1106015416##][PATCH 08/23] compat: Wrap IPv4 fragmentation. Message-Id: <1446926401-55723-9-git-send-email-joestringer@nicira.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1446926401-55723-1-git-send-email-joestringer@nicira.com> References: <1446926401-55723-1-git-send-email-joestringer@nicira.com> X-Barracuda-Connect: UNKNOWN[192.168.14.1] X-Barracuda-Start-Time: 1446926424 X-Barracuda-Encrypted: DHE-RSA-AES256-SHA X-Barracuda-URL: https://web.cudamail.com:443/cgi-mod/mark.cgi X-ASG-Whitelist: Header =?UTF-8?B?eFwtY3VkYW1haWxcLXdoaXRlbGlzdFwtdG8=?= X-Virus-Scanned: by bsmtpd at cudamail.com X-Barracuda-BRTS-Status: 1 Subject: [ovs-dev] [PATCH 08/23] compat: Wrap IPv4 fragmentation. X-BeenThere: dev@openvswitch.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: dev-bounces@openvswitch.org Sender: "dev" Most kernels provide some form of ip fragmentation. However, until recently many of them would always send ICMP responses for over_MTU packets, even when operating in bridge mode. Backport the check to ensure this doesn't occur. Signed-off-by: Joe Stringer --- acinclude.m4 | 1 + datapath/linux/compat/include/net/ip.h | 46 ++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/acinclude.m4 b/acinclude.m4 index 33e52d268b85..255fd7209ed5 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -349,6 +349,7 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_GREP_IFELSE([$KSRC/include/net/ip.h], [inet_get_local_port_range.*net], [OVS_DEFINE([HAVE_INET_GET_LOCAL_PORT_RANGE_USING_NET])]) + OVS_GREP_IFELSE([$KSRC/include/net/ip.h], [ip_do_fragment]) OVS_GREP_IFELSE([$KSRC/include/net/ip.h], [ip_is_fragment]) OVS_GREP_IFELSE([$KSRC/include/net/ip.h], [ip_skb_dst_mtu]) OVS_GREP_IFELSE([$KSRC/include/net/dst_metadata.h], [metadata_dst]) diff --git a/datapath/linux/compat/include/net/ip.h b/datapath/linux/compat/include/net/ip.h index ead6e2904ba7..c6e7a2194a06 100644 --- a/datapath/linux/compat/include/net/ip.h +++ b/datapath/linux/compat/include/net/ip.h @@ -3,6 +3,7 @@ #include_next +#include #include #ifndef HAVE_IP_IS_FRAGMENT @@ -61,4 +62,49 @@ static inline unsigned int rpl_ip_skb_dst_mtu(const struct sk_buff *skb) #define ip_skb_dst_mtu rpl_ip_skb_dst_mtu #endif /* HAVE_IP_SKB_DST_MTU */ +#if LINUX_VERSION_CODE < KERNEL_VERSION(4,1,0) +#define OVS_VPORT_OUTPUT_PARAMS struct sk_buff *skb +#else +#define OVS_VPORT_OUTPUT_PARAMS struct sock *sock, struct sk_buff *skb +#endif /* 4.1 */ + +#ifdef OVS_FRAGMENT_BACKPORT + +#if LINUX_VERSION_CODE < KERNEL_VERSION(4,2,0) +static inline bool ip_defrag_user_in_between(u32 user, + enum ip_defrag_users lower_bond, + enum ip_defrag_users upper_bond) +{ + return user >= lower_bond && user <= upper_bond; +} +#endif + +#ifndef HAVE_IP_DO_FRAGMENT +static inline int rpl_ip_do_fragment(struct sock *sk, struct sk_buff *skb, + int (*output)(OVS_VPORT_OUTPUT_PARAMS)) +{ + unsigned int mtu = ip_skb_dst_mtu(skb); + struct iphdr *iph = ip_hdr(skb); + struct rtable *rt = skb_rtable(skb); + struct net_device *dev = rt->dst.dev; + + if (unlikely(((iph->frag_off & htons(IP_DF)) && !skb->ignore_df) || + (IPCB(skb)->frag_max_size && + IPCB(skb)->frag_max_size > mtu))) { + + pr_warn("Dropping packet in ip_do_fragment()\n"); + IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS); + kfree_skb(skb); + return -EMSGSIZE; + } + +#if LINUX_VERSION_CODE < KERNEL_VERSION(4,1,0) + return ip_fragment(skb, output); +#else + return ip_fragment(sk, skb, output); +#endif +} +#define ip_do_fragment rpl_ip_do_fragment +#endif /* IP_DO_FRAGMENT */ +#endif /* OVS_FRAGMENT_BACKPORT */ #endif