From patchwork Thu Oct 8 03:31:01 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Maciej_=C5=BBenczykowski?= X-Patchwork-Id: 1378374 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=AtISJzcw; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4C6GvY1YJ4z9sT6 for ; Thu, 8 Oct 2020 14:31:21 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727916AbgJHDbN (ORCPT ); Wed, 7 Oct 2020 23:31:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39702 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727449AbgJHDbN (ORCPT ); Wed, 7 Oct 2020 23:31:13 -0400 Received: from mail-pg1-x541.google.com (mail-pg1-x541.google.com [IPv6:2607:f8b0:4864:20::541]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C00CC061755 for ; Wed, 7 Oct 2020 20:31:13 -0700 (PDT) Received: by mail-pg1-x541.google.com with SMTP id 7so3049468pgm.11 for ; Wed, 07 Oct 2020 20:31:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=Es3m/cmjQjKxJAujsQdOQ0HD+2pxPVO7acZ1i2IhzqM=; b=AtISJzcwEiIn05QZ830HD6kYdZpbUl7fsKCg510A/rjSQxCSwJwtdBoKVPfedZSgDq L2pXZLdn4GUsYqb6ItD38QzRS7WwPEun7eh3oxoL0hN0coV/k8WixBXvgPEa8y5Gy3E9 OiUK4+d60w1ynA4GhvNTxgXw1iSN1ie/Y1CvKpMB/k6qx9dPBNHOnDRcgXgHEELymQqv yTHkBjtF9DPIbKve+TefVj0a1RTSDUEcYGwW1in8pQ+P5V46M/AFLiWeiZ74m5rLVUF0 DmFOF8ZT+/o9XEEiCQxgZBY5QVqEECn+tcbhuaMt9uAMPYE0sjzwbk1Lrom0MjfBnOkR cWyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=Es3m/cmjQjKxJAujsQdOQ0HD+2pxPVO7acZ1i2IhzqM=; b=LLOjTV33yPBpkKjsP5ajjSmXxzARnHWZYJC1Nc4DpFIepc0tAGOxf8HG8ebEKqlOKg 9HGfiKcg9qPF/N0ZJ4KG2FEe13xVfzKrdpjIrX2tnUyFPmem6sPXNy7hdg7xRr3GgpXj +10uOZv4XuqbNLQnysLOoRRMfn6BzgTwpzQMLwa5WDOLGX/SQwNe4wbH+8wWc0YlASLL NAZveBQN5ZJ9AR0Cs65LAjUkVxFHnwdh5soMlmUvsQacBZx61zKstR9cOCmjtyYjSqKz qnUQTK9zWZa9OJG/dOaRg6LQ9z1tNpCZscmeQNgVdPG/LJYTnhAnESFK9ApvNHisy9qS cNyA== X-Gm-Message-State: AOAM531MwPTYhJbiIjOPlyhG+cRFzGP3tKd0na1ZBPebpVoP99IqSuy1 v3vwbGjBKHQXus9hHsMjesU= X-Google-Smtp-Source: ABdhPJzPLpkEVKyVQPa47WuMz2qnD1twlx2wixT5euunbgsZzNy/Q6plvIieu2UgGLUR7PJXCrDLAw== X-Received: by 2002:a17:90b:3649:: with SMTP id nh9mr5848400pjb.123.1602127872434; Wed, 07 Oct 2020 20:31:12 -0700 (PDT) Received: from athina.mtv.corp.google.com ([2620:15c:211:0:a28c:fdff:fee1:f370]) by smtp.gmail.com with ESMTPSA id 32sm5241161pgu.17.2020.10.07.20.31.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Oct 2020 20:31:11 -0700 (PDT) From: =?utf-8?q?Maciej_=C5=BBenczykowski?= To: =?utf-8?q?Maciej_=C5=BBenczykowski?= , "David S . Miller" Cc: Linux Network Development Mailing List , Eric Dumazet , Willem de Bruijn , Lorenzo Colitti , Sunmeet Gill , Vinay Paradkar , Tyler Wear , David Ahern Subject: [PATCH 1/2] net/ipv6: always honour route mtu during forwarding Date: Wed, 7 Oct 2020 20:31:01 -0700 Message-Id: <20201008033102.623894-1-zenczykowski@gmail.com> X-Mailer: git-send-email 2.28.0.806.g8561365e88-goog MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Maciej Żenczykowski This matches the new ipv4 behaviour as of commit: commit 02a1b175b0e92d9e0fa5df3957ade8d733ceb6a0 Author: Maciej Żenczykowski Date: Wed Sep 23 13:18:15 2020 -0700 net/ipv4: always honour route mtu during forwarding The reasoning is similar: There doesn't seem to be any reason why you would want to ignore route mtu. There are two potential sources of ipv6 route mtu: - manually configured by NET_ADMIN, since you configured a route mtu explicitly you probably know best... - derived from mtu information from RA messages, but this is the network telling you what will work, again presumably whatever network admin configured the RA content knows best what the network conditions are. One could argue that RAs can be spoofed, but if we get spoofed RAs we're *already* screwed, and erroneous mtu information is less dangerous then the erroneous routes themselves... (The proper place to do RA filtering is in the switch/router) Additionally, a reduction from 1500 to 1280 (min ipv6 mtu) is not very noticable on performance (especially with gro/gso/tso), while packets getting lost (due to rx buffer overruns) or generating icmpv6 packet too big errors and needing to be retransmitted is very noticable (guaranteed impact of full rtt) It is pretty common to have a higher device mtu to allow receiving large (jumbo) frames, while having some routes via that interface (potentially including the default route to the internet) specify a lower mtu. There might also be use cases around xfrm/ipsec/tunnels. Especially for something like sit/6to4/6rd, where you may have one sit device, but traffic through it will flow over different underlying paths and thus is per subnet and not per device. (Note that this function does not honour pmtu, which can be spoofed via icmpv6 messages, but see also ip6_mtu_from_fib6() which honours pmtu for ipv6 'locked mtu' routes) Signed-off-by: Maciej Żenczykowski Cc: Eric Dumazet Cc: Willem de Bruijn Cc: Lorenzo Colitti Cc: Sunmeet Gill (Sunny) Cc: Vinay Paradkar Cc: Tyler Wear Cc: David Ahern --- include/net/ip6_route.h | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h index 2a5277758379..598415743f46 100644 --- a/include/net/ip6_route.h +++ b/include/net/ip6_route.h @@ -311,19 +311,13 @@ static inline bool rt6_duplicate_nexthop(struct fib6_info *a, struct fib6_info * static inline unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst) { struct inet6_dev *idev; - unsigned int mtu; + unsigned int mtu = dst_metric_raw(dst, RTAX_MTU); + if (mtu) + return mtu; - if (dst_metric_locked(dst, RTAX_MTU)) { - mtu = dst_metric_raw(dst, RTAX_MTU); - if (mtu) - return mtu; - } - - mtu = IPV6_MIN_MTU; rcu_read_lock(); idev = __in6_dev_get(dst->dev); - if (idev) - mtu = idev->cnf.mtu6; + mtu = idev ? idev->cnf.mtu6 : IPV6_MIN_MTU; rcu_read_unlock(); return mtu; From patchwork Thu Oct 8 03:31:02 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Maciej_=C5=BBenczykowski?= X-Patchwork-Id: 1378375 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=mLp0RlTx; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4C6Gvb1ppGz9sTL for ; Thu, 8 Oct 2020 14:31:23 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728044AbgJHDbQ (ORCPT ); Wed, 7 Oct 2020 23:31:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39710 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727449AbgJHDbP (ORCPT ); Wed, 7 Oct 2020 23:31:15 -0400 Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 032CBC061755 for ; Wed, 7 Oct 2020 20:31:15 -0700 (PDT) Received: by mail-pl1-x62a.google.com with SMTP id o9so2060382plx.10 for ; Wed, 07 Oct 2020 20:31:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=qYTaebhwD+erOEN/Ss5QNd8/JzEr8NVtI+Cry0U9/J4=; b=mLp0RlTxXt5NrvVoQ09KJNfQjdHfvuzfFZBeaPQVKQInYeJLNO3OqQ9ANqhcBDE8Cr rbthLngDlSZsznmQVg7+ELG4wMygZ12Hv0Op268BsIHxXnaMRnbt0dxhmC3PEd9AcKns BeQBvdMt4RbmHf83AHxmVvJ4r20ZlqtUTsi6gLoyqjTpwQFsabfOjB1CJfhh2yCcbQnD z76Dr+qqdHwrgPOCTXSY5APtDk64kt2aeJprlYnaS2tI3OowjUV0QMpFPNsawj80N2QM PG21Iqv76v8N2MtwkA4n7qP8s+wdKLEoPJv9hfJjZS6kiP4Ozk2RjYu0YK3V29uQIHn7 HEag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=qYTaebhwD+erOEN/Ss5QNd8/JzEr8NVtI+Cry0U9/J4=; b=Nrr/7Dc2B03eBOPQcWIWhEJgugjryEh6g2oAtUEnMezgMW+7J3c2/lhuQmyr67PYVl qYaJr9ELA3BqI9yyEcf3QffeiiCDO9/rteQaTnJWhc9UBjIm48iOvIKgmezIuhWOjl7S s/TMq+e3+NnHyHbdT79h98bmlzKUcd5nHXP9hWmeb6XreVro+v8DsbbzCmmoBlQEwNge sc/SOZzxdfEk6c1RqGcv10HMbTyb6w69S88HSK2vxZMPwdMPcm3zPxWySYhoUlYYGsfZ ZjKJyIHpnzCsuqQNdtBHS2i7f8m5XrI1Yaxoy+GwosAs11338EU7AE0V31JZZaxFDxm7 Sp+g== X-Gm-Message-State: AOAM532hDdSm6jBQQLRDqqL6HNQ0JKkA8lE7XnJMdDFWmeU9lQTHKDWv Ezq9HCaQ0uYfhY+9Kw+oNDQ= X-Google-Smtp-Source: ABdhPJyq5t4/i6HJfeHcR5f2VKgFGMUifCI4Kw+mey/s5CzfmYfBAgpY7jT3ieMdVAQnUn/yBEBTpg== X-Received: by 2002:a17:902:8ec7:b029:d2:42fe:37de with SMTP id x7-20020a1709028ec7b02900d242fe37demr5557902plo.23.1602127874522; Wed, 07 Oct 2020 20:31:14 -0700 (PDT) Received: from athina.mtv.corp.google.com ([2620:15c:211:0:a28c:fdff:fee1:f370]) by smtp.gmail.com with ESMTPSA id 32sm5241161pgu.17.2020.10.07.20.31.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Oct 2020 20:31:13 -0700 (PDT) From: =?utf-8?q?Maciej_=C5=BBenczykowski?= To: =?utf-8?q?Maciej_=C5=BBenczykowski?= , "David S . Miller" Cc: Linux Network Development Mailing List Subject: [PATCH 2/2] net/ipv6: ensure ip6_dst_mtu_forward() returns at least IPV6_MIN_MTU Date: Wed, 7 Oct 2020 20:31:02 -0700 Message-Id: <20201008033102.623894-2-zenczykowski@gmail.com> X-Mailer: git-send-email 2.28.0.806.g8561365e88-goog In-Reply-To: <20201008033102.623894-1-zenczykowski@gmail.com> References: <20201008033102.623894-1-zenczykowski@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Maciej Żenczykowski This is basically just a refactor. But it does affect (a presumably buggy) call site in: net/netfilter/nf_flow_table_core.c flow_offload_fill_route() Signed-off-by: Maciej Żenczykowski --- include/net/ip6_route.h | 4 ++-- net/ipv6/ip6_output.c | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h index 598415743f46..25c113dd88ea 100644 --- a/include/net/ip6_route.h +++ b/include/net/ip6_route.h @@ -313,14 +313,14 @@ static inline unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst) struct inet6_dev *idev; unsigned int mtu = dst_metric_raw(dst, RTAX_MTU); if (mtu) - return mtu; + return max(mtu, (unsigned)IPV6_MIN_MTU); rcu_read_lock(); idev = __in6_dev_get(dst->dev); mtu = idev ? idev->cnf.mtu6 : IPV6_MIN_MTU; rcu_read_unlock(); - return mtu; + return max(mtu, (unsigned)IPV6_MIN_MTU); } u32 ip6_mtu_from_fib6(const struct fib6_result *res, diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index c78e67d7747f..bc85f92adaf9 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -540,8 +540,6 @@ int ip6_forward(struct sk_buff *skb) } mtu = ip6_dst_mtu_forward(dst); - if (mtu < IPV6_MIN_MTU) - mtu = IPV6_MIN_MTU; if (ip6_pkt_too_big(skb, mtu)) { /* Again, force OUTPUT device used as source address */