| Message ID | 20150529182709.2147.78230.stgit@ahduyck-vm-fedora22 (mailing list archive) |
|---|---|
| State | Not Applicable |
| Delegated to: | Herbert Xu |
| Headers | show |
From: Alexander Duyck <alexander.h.duyck@redhat.com> Date: Fri, 29 May 2015 11:28:26 -0700 > From: Steffen Klassert <steffen.klassert@secunet.com> > > We currently rely on the PMTU discovery of xfrm. > However if a packet is localy sent, the PMTU mechanism > of xfrm tries to to local socket notification what > might not work for applications like ping that don't > check for this. So add pmtu handling to vti6_xmit to > report MTU changes immediately. > > Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> > Signed-off-by: Alexander Duyck <alexander.h.duyck@redhat.com> Applied, thanks Andrew. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
http://www.spinics.net/lists/linux-crypto/msg15101.html > From: Steffen Klassert <steffen.klassert@xxxxxxxxxxx> > > We currently rely on the PMTU discovery of xfrm. > However if a packet is localy sent, the PMTU mechanism > of xfrm tries to to local socket notification what > might not work for applications like ping that don't > check for this. So add pmtu handling to vti6_xmit to > report MTU changes immediately. > > Signed-off-by: Steffen Klassert <steffen.klassert@xxxxxxxxxxx> > Signed-off-by: Alexander Duyck <alexander.h.duyck@xxxxxxxxxx> > --- > > So this version is slightly modified to cover the IPv4 case in addition to > the IPv6 case. With this patch I was able to run netperf over either an > IPv4 or IPv6 address routed over the ip6_vti tunnel. We have the same issue. When we do a local ping to a remote device over a v4 vti tunnel and an intermediate device has a low mtu, pmtu discovery reduces the route's pmtu, and ping fails because it does not handle the local error message generated by xfrm4_tunnel_check_size(). Your patch fixes our issue for v6 vti tunnels, but the issue still exists for v4 tunnels. Is there any particular reason this patch was not delivered for v4 tunnels too - i.e. in vti_xmit()? -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c index d25209657edc..3b5c1ea50d2f 100644 --- a/net/ipv6/ip6_vti.c +++ b/net/ipv6/ip6_vti.c @@ -435,6 +435,7 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl) struct net_device *tdev; struct xfrm_state *x; int err = -1; + int mtu; if (!dst) goto tx_err_link_failure; @@ -468,6 +469,19 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl) skb_dst_set(skb, dst); skb->dev = skb_dst(skb)->dev; + mtu = dst_mtu(dst); + if (!skb->ignore_df && skb->len > mtu) { + skb_dst(skb)->ops->update_pmtu(dst, NULL, skb, mtu); + + if (skb->protocol == htons(ETH_P_IPV6)) + icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); + else + icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, + htonl(mtu)); + + return -EMSGSIZE; + } + err = dst_output(skb); if (net_xmit_eval(err) == 0) { struct pcpu_sw_netstats *tstats = this_cpu_ptr(dev->tstats);