From patchwork Mon Apr 17 09:29:00 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Denis K <denis281089@gmail.com>
X-Patchwork-Id: 1769515
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org
 (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=bombadil.20210309 header.b=SuHJnKYS;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20221208 header.b=JEnzFWrE;
	dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
 [IPv6:2607:7c80:54:3::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4Q0MLz67s0z1yZr
	for <incoming@patchwork.ozlabs.org>; Mon, 17 Apr 2023 19:34:03 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To
	:From:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=xMAvJhRjgaOh/mtnwOEyuOoJE1N6fj+YqPSPsMP4IaQ=; b=SuHJnKYSpWSV0g
	W7EHkadMjluWslQ2hjssYfABnVi6ItaX0AgTnQfv41dv+iNl03umHVdBuNh5ghN61/9IORbjAcxPG
	olQ9I4gs4HPHbjLDVKIV7Mrh1l0OpRtXY4QkdtO+8XR/LoWChQgxiTSb8PuRE/h5L4ATDR86zyOBX
	QEn5PFu6C1beHaAokKgpG84xoC/qNd2jcWUSO3XQotIQNdoSVQIb/mas0/D+dMt61uxZn0N3s4r6J
	grluk5t2q4Xt2gTm8+uch0yYX6tP/DD7eyYY9R9cZVM1acJipBTtU5svpUBOn64gGMTWBl6RpviyH
	614VNAc4xziKGKC7bPEA==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux))
	id 1poLCp-00FZwS-2l;
	Mon, 17 Apr 2023 09:31:27 +0000
Received: from mail-lf1-x131.google.com ([2a00:1450:4864:20::131])
	by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux))
	id 1poLCn-00FZtg-1F
	for openwrt-devel@lists.openwrt.org;
	Mon, 17 Apr 2023 09:31:26 +0000
Received: by mail-lf1-x131.google.com with SMTP id
 2adb3069b0e04-4edc7cc6f46so199504e87.1
        for <openwrt-devel@lists.openwrt.org>;
 Mon, 17 Apr 2023 02:31:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1681723880; x=1684315880;
        h=content-transfer-encoding:mime-version:message-id:date:subject:to
         :from:from:to:cc:subject:date:message-id:reply-to;
        bh=lqyK1VdG8TJ2MOvD/MJVN/K+CJCxtbqNhe7yYybOh78=;
        b=JEnzFWrE8KYv+GfqnVhOQ2C84ynAqT+47yMbm2Mvub2XH0HWtugR9/j+9Ravgdx+0E
         lyMak9hBExzfplQRE3v2FAZg+UjctVOrkUUIuGnufLuItoJMag5UIwJooODWWr9dGQgT
         pyBpY6GpwBi4s/tXBLVVsP7O/JKrViLWrnNqyrCO0DLASoGN2YiIcR9s/Avql4IwF4V2
         CB0b9L5v4BHjOJ3smuZ2EltAhcTjdabNd7FiJt2ohLAznKi40VG5mBm7FwYTJEQHUgm7
         jxEIlE5xSy/TISutpcnCepSd71OpO7g+UhgcgvJit8EOYQIZ49ULT4g4v5FqvnEftiUk
         AeWw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1681723880; x=1684315880;
        h=content-transfer-encoding:mime-version:message-id:date:subject:to
         :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=lqyK1VdG8TJ2MOvD/MJVN/K+CJCxtbqNhe7yYybOh78=;
        b=WDnIgObvxBOrkbbl/wxmmWH7ROXrES7odquwZZ3MqHleqQa+rX8bW6hGQZuZQh0+gp
         nuC0rmtB/xr1vRVXA88n8RraYNtkJiUFGT2hzs4ht0UoZ+mnsZBDUxOOtn1WRGsZsZxo
         Smy1On8CBAd+apAcnjsmlGdx8g+n3DkOtwd5BZdzLc5xijknJ5b5M59Dtb+gCwSrWSIk
         tf8IsK2FM091cJ0ojnQtiYWljLph7Q/WrzlPH+F9aehTEdwBdIeR2FdTf3v2LwfsqKsj
         xXpzecBixdNDQEHJftoMcwfnD1iB29sCj/eJNSLDavihMxJDHdgUIGO1lxWJwtnIJHK6
         sVuA==
X-Gm-Message-State: AAQBX9f6BgXc/Rgn8PegPuhrqkoxLzJP7MJo2e7mAPeYnczM9GHNd9eX
	+FCD3aFjeLYF3VSdjMblU4asKGhrz2w=
X-Google-Smtp-Source: 
 AKy350aoeKNe0yW70EB/FC//C5vEmC5uSxFSnohQEe7n/X+/kAoT/iyCBligIurfy388+VnrLa9jAw==
X-Received: by 2002:a05:6512:407:b0:4ed:c8ba:dfb2 with SMTP id
 u7-20020a056512040700b004edc8badfb2mr112183lfk.65.1681723879632;
        Mon, 17 Apr 2023 02:31:19 -0700 (PDT)
Received: from kalashnikov.user.kdf.lan ([217.25.237.143])
        by smtp.gmail.com with ESMTPSA id
 p5-20020ac246c5000000b004ec55a15b39sm1983234lfo.110.2023.04.17.02.31.19
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 17 Apr 2023 02:31:19 -0700 (PDT)
From: Denis Kalashnikov <denis281089@gmail.com>
To: openwrt-devel@lists.openwrt.org,
	Felix Fietkau <nbd@openwrt.org>
Subject: [PATCH] netifd: add support of GRE tunnel ignore-df option
Date: Mon, 17 Apr 2023 12:29:00 +0300
Message-Id: <20230417092900.4374-1-denis281089@gmail.com>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20230417_023125_422297_0005C947 
X-CRM114-Status: GOOD (  11.34  )
X-Spam-Score: 0.1 (/)
X-Spam-Report: Spam detection software,
 running on the system "bombadil.infradead.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  This is useful for GRE TAP tunnel when tunnel is added to
   a br-lan bridge. In this case you need to create it with "nopmtudisc
 ignore-df".
    Otherwise large IP-packets with DF=1 (TCP-data, large pings) [...]
 Content analysis details:   (0.1 points, 5.0 required)
  pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [2a00:1450:4864:20:0:0:0:131 listed in]
                             [list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider
                             [denis281089[at]gmail.com]
  0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
                             in digit
                             [denis281089[at]gmail.com]
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                             author's domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK
 signature
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily
                             valid
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

This is useful for GRE TAP tunnel when tunnel is added to a br-lan bridge.
In this case you need to create it with "nopmtudisc ignore-df". Otherwise
large IP-packets with DF=1 (TCP-data, large pings) will be silently dropped
(since DF=1 but stack failed to send ICMP "need fragmentation" back). But with
"ignore-df" packets with DF=1 will be fragmented.

Signed-off-by: Denis Kalashnikov <denis281089@gmail.com>
Signed-off-by: Stefan Hellermann <stefan@the2masters.de>
---
 system-linux.c | 5 +++++
 system.c       | 1 +
 system.h       | 1 +
 3 files changed, 7 insertions(+)

diff --git a/system-linux.c b/system-linux.c
index e4041fb..4397460 100644
--- a/system-linux.c
+++ b/system-linux.c
@@ -3500,6 +3500,11 @@ static int system_add_gre_tunnel(const char *name, const char *kind,
 
 		nla_put_u8(nlm, IFLA_GRE_PMTUDISC, set_df ? 1 : 0);
 
+		if ((cur = tb[TUNNEL_ATTR_IGNORE_DF])) {
+			nla_put_u8(nlm, IFLA_GRE_IGNORE_DF,
+				blobmsg_get_bool(cur));
+		}
+
 		nla_put_u8(nlm, IFLA_GRE_TOS, tos);
 	}
 
diff --git a/system.c b/system.c
index 32597c1..e773245 100644
--- a/system.c
+++ b/system.c
@@ -21,6 +21,7 @@ static const struct blobmsg_policy tunnel_attrs[__TUNNEL_ATTR_MAX] = {
 	[TUNNEL_ATTR_REMOTE] = { .name = "remote", .type = BLOBMSG_TYPE_STRING },
 	[TUNNEL_ATTR_MTU] = { .name = "mtu", .type = BLOBMSG_TYPE_INT32 },
 	[TUNNEL_ATTR_DF] = { .name = "df", .type = BLOBMSG_TYPE_BOOL },
+	[TUNNEL_ATTR_IGNORE_DF] = { .name = "ignore-df", .type = BLOBMSG_TYPE_BOOL },
 	[TUNNEL_ATTR_TTL] = { .name = "ttl", .type = BLOBMSG_TYPE_INT32 },
 	[TUNNEL_ATTR_TOS] = { .name = "tos", .type = BLOBMSG_TYPE_STRING },
 	[TUNNEL_ATTR_LINK] = { .name = "link", .type = BLOBMSG_TYPE_STRING },
diff --git a/system.h b/system.h
index 1f7037d..a7a713d 100644
--- a/system.h
+++ b/system.h
@@ -29,6 +29,7 @@ enum tunnel_param {
 	TUNNEL_ATTR_LOCAL,
 	TUNNEL_ATTR_MTU,
 	TUNNEL_ATTR_DF,
+	TUNNEL_ATTR_IGNORE_DF,
 	TUNNEL_ATTR_TTL,
 	TUNNEL_ATTR_TOS,
 	TUNNEL_ATTR_LINK,