From patchwork Fri Feb 26 21:35:05 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eyal Birger <eyal.birger@gmail.com>
X-Patchwork-Id: 12107423
X-Patchwork-Delegate: kuba@kernel.org
Return-Path: <netdev-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 4D76AC433E6
	for <netdev@archiver.kernel.org>; Fri, 26 Feb 2021 21:36:15 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 1706E64DA3
	for <netdev@archiver.kernel.org>; Fri, 26 Feb 2021 21:36:15 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230079AbhBZVgN (ORCPT <rfc822;netdev@archiver.kernel.org>);
        Fri, 26 Feb 2021 16:36:13 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58362 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230006AbhBZVgM (ORCPT
        <rfc822;netdev@vger.kernel.org>); Fri, 26 Feb 2021 16:36:12 -0500
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com
 [IPv6:2a00:1450:4864:20::434])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A9544C06174A
        for <netdev@vger.kernel.org>; Fri, 26 Feb 2021 13:35:31 -0800 (PST)
Received: by mail-wr1-x434.google.com with SMTP id v15so9944007wrx.4
        for <netdev@vger.kernel.org>; Fri, 26 Feb 2021 13:35:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=svObjMrcN22PBcmuOZmLx1uraCKg2eMVORpWVmd2BuU=;
        b=XHpBamBEXOK9XTO+R/YEMLY57CFTCXcc35qWTZ2DDLPNIqsidh8gXRCzGZytuffWpQ
         TuFqavehgBb9sSO35Scv9IUHP1y/Fn8MM5QN8WVtPNbJUO1jZQnHFKvaqY2OLvvCQFkC
         ATbFnQKtyYEX20scfm/ZHFsrfsQi1DV0sSRMUaa4gROQ9aWcfAzkgcmxR1Gx1iawqRDj
         mM6kq5KzGMARHRuZR5xaxJk6QljLLklc4fGUnIF2uQURQ/nhqdKvdmVSiXmIyiaukeNy
         7IM9TVxAwFNJh5P+lVeRLR4YDKpfg2dRGn7hUKoJdIKpAtgvKs9MctZZbR9KkNGPvyyC
         vjQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=svObjMrcN22PBcmuOZmLx1uraCKg2eMVORpWVmd2BuU=;
        b=j5je+oU7sVGoaePaJxQo54N9OTy3EuOtsjdz5EdNEp1NfpKd4uIbjO9zx1uNTLdutH
         qRCqEL3Y+CqKhf21OBdKq6xGyKofNTWPFezN+3D1VzEzohWXUh8HjWhNpc5mbF2VFh0W
         kDb61AXYXjUqfHC+L0Ed/ZRkrMBr9dk2jmUsrdg05q5t34qg7lMRCxbUAK5kIq4NEW6l
         OBpqMCYi6Uf8s1YvImZw8uyVUe86uf1IAJaWcIGUOOScJ9Y6qMORx9SDVsLaisi2x8c9
         BYyZuGtjF2MMKOKyk7OvTCzuXv+VZj2yi3LOT/F+hdWZMcwHIkyIoE979ZneB+3blK3/
         yS/g==
X-Gm-Message-State: AOAM532Hh7I4ckOyQX9qDxNwyXrSSdY2vf/lOenU0VhCe6yCzKM9uD1Q
        0Tmbvx8Ebm1oYdbxIJTdQZE=
X-Google-Smtp-Source: 
 ABdhPJw+6h6U8QclJbQQ9UxaxGi7eE7HhGIu740UEG4CGASz3EUNADkWKrXIct2EUIA5EtIc5GHlFQ==
X-Received: by 2002:a5d:430a:: with SMTP id h10mr5364048wrq.162.1614375330356;
        Fri, 26 Feb 2021 13:35:30 -0800 (PST)
Received: from localhost.localdomain ([213.57.166.51])
        by smtp.gmail.com with ESMTPSA id
 z11sm17587241wrm.72.2021.02.26.13.35.28
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 26 Feb 2021 13:35:29 -0800 (PST)
From: Eyal Birger <eyal.birger@gmail.com>
To: steffen.klassert@secunet.com, herbert@gondor.apana.org.au,
        davem@davemloft.net, kuba@kernel.org
Cc: netdev@vger.kernel.org, bram-yvahk@mail.wizbit.be,
        sd@queasysnail.net, Eyal Birger <eyal.birger@gmail.com>
Subject: [PATCH ipsec 1/2] vti: fix ipv4 pmtu check to honor ip header df
Date: Fri, 26 Feb 2021 23:35:05 +0200
Message-Id: <20210226213506.506799-2-eyal.birger@gmail.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20210226213506.506799-1-eyal.birger@gmail.com>
References: <20210226213506.506799-1-eyal.birger@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org

Frag needed should only be sent if the header enables DF.

This fix allows packets larger than MTU to pass the vti interface
and be fragmented after encapsulation, aligning behavior with
non-vti xfrm.

Fixes: d6af1a31cc72 ("vti: Add pmtu handling to vti_xmit.")
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
---
 net/ipv4/ip_vti.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index abc171e79d3e..613741384490 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -218,7 +218,7 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
 	}
 
 	if (dst->flags & DST_XFRM_QUEUE)
-		goto queued;
+		goto xmit;
 
 	if (!vti_state_check(dst->xfrm, parms->iph.daddr, parms->iph.saddr)) {
 		dev->stats.tx_carrier_errors++;
@@ -238,6 +238,8 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
 	if (skb->len > mtu) {
 		skb_dst_update_pmtu_no_confirm(skb, mtu);
 		if (skb->protocol == htons(ETH_P_IP)) {
+			if (!(ip_hdr(skb)->frag_off & htons(IP_DF)))
+				goto xmit;
 			icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
 				  htonl(mtu));
 		} else {
@@ -251,7 +253,7 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
 		goto tx_error;
 	}
 
-queued:
+xmit:
 	skb_scrub_packet(skb, !net_eq(tunnel->net, dev_net(dev)));
 	skb_dst_set(skb, dst);
 	skb->dev = skb_dst(skb)->dev;

From patchwork Fri Feb 26 21:35:06 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eyal Birger <eyal.birger@gmail.com>
X-Patchwork-Id: 12107425
X-Patchwork-Delegate: kuba@kernel.org
Return-Path: <netdev-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7D186C433E0
	for <netdev@archiver.kernel.org>; Fri, 26 Feb 2021 21:36:24 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 439C064DA3
	for <netdev@archiver.kernel.org>; Fri, 26 Feb 2021 21:36:24 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230141AbhBZVgX (ORCPT <rfc822;netdev@archiver.kernel.org>);
        Fri, 26 Feb 2021 16:36:23 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58372 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230006AbhBZVgO (ORCPT
        <rfc822;netdev@vger.kernel.org>); Fri, 26 Feb 2021 16:36:14 -0500
Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com
 [IPv6:2a00:1450:4864:20::432])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 15342C061756
        for <netdev@vger.kernel.org>; Fri, 26 Feb 2021 13:35:34 -0800 (PST)
Received: by mail-wr1-x432.google.com with SMTP id 7so9943628wrz.0
        for <netdev@vger.kernel.org>; Fri, 26 Feb 2021 13:35:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=CTK2CZW6dThnJoLa96XyzUuczzpCg6mfYSe2z1EpnaA=;
        b=RNworZCVBIJIg7DrO8emBzugLV072do89NPseJKP6lQfoqKGxsNl8wXAWOsdk68LXr
         2Og0VT0nJc4vIcVx0yuEqGH4dYDyvrPaDsl/G1pte9rFZZ9IhYHRVs6UBsZ/I723Fl+t
         vpoxMQlfTzXzLpQGGHHgkTp93Kt4FerIMbSmcGMsR8CP5rvGCEGsgjhV2wpk0M0IJ9vc
         vcEyhXLCpbnuHrP7tkcxfQd4pCwylzvZ+E+BwFN6kutgOu1SMMbT46p6dbEEWrkaW/bG
         3atjo1dxyPaEbJe+knWPUkQNolJ9IQBFJiZyejiZBWzboyMbDcTMJZSmsdgZG5WTUizc
         pnXg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=CTK2CZW6dThnJoLa96XyzUuczzpCg6mfYSe2z1EpnaA=;
        b=WvYvxpaR7C8VRWqW8a+mxakPAlG+Z5OmYkpA1cfntz4rnilHlTnViu5B5u2dwK7Rn3
         lnyn2iboVpi0hzAT6GQrSye3a+WMrAyAahxwJau93W5nGqTGECGCD3s2ZwMPl7X8kztF
         Ii7s2894VBwAnLTfIK2R1EXKvuNFELhez9Wvy9utJ+e6sHRLan5Y36X1/KxrqdnuAI4c
         +o51WYFLvJrJbFwcXI4RWEqI3xyiLgTs5r3uIj/z8f5ANLFZMJZZ9nYGtSlPEnxYYONh
         pC0NZwRZqSmDhB9enLUDO/eX2f79b6vA1ZvfjK3vmyLRIvsON/zEz2LL5k924cWSVKuZ
         IjqA==
X-Gm-Message-State: AOAM533lp4a+2vlA7eMeBhfLmIAhN14l1wrkSkyTMSbQ6Jot2Y9jyLbk
        QFUd9cHppXZkIAwQH4pDBgw=
X-Google-Smtp-Source: 
 ABdhPJz2lLkTOKGPoUwdVQF1+LjfwyHqVhyvDE/IiS//qK+jUCCtQAWlL2FQ3ootFDEdm6ip8KrAnA==
X-Received: by 2002:adf:b1c9:: with SMTP id r9mr5375017wra.51.1614375332778;
        Fri, 26 Feb 2021 13:35:32 -0800 (PST)
Received: from localhost.localdomain ([213.57.166.51])
        by smtp.gmail.com with ESMTPSA id
 z11sm17587241wrm.72.2021.02.26.13.35.31
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 26 Feb 2021 13:35:32 -0800 (PST)
From: Eyal Birger <eyal.birger@gmail.com>
To: steffen.klassert@secunet.com, herbert@gondor.apana.org.au,
        davem@davemloft.net, kuba@kernel.org
Cc: netdev@vger.kernel.org, bram-yvahk@mail.wizbit.be,
        sd@queasysnail.net, Eyal Birger <eyal.birger@gmail.com>
Subject: [PATCH ipsec 2/2] vti6: fix ipv4 pmtu check to honor ip header df
Date: Fri, 26 Feb 2021 23:35:06 +0200
Message-Id: <20210226213506.506799-3-eyal.birger@gmail.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20210226213506.506799-1-eyal.birger@gmail.com>
References: <20210226213506.506799-1-eyal.birger@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org

Frag needed should only be sent if the header enables DF.

This fix allows IPv4 packets larger than MTU to pass the vti6 interface
and be fragmented after encapsulation, aligning behavior with
non-vti6 xfrm.

Fixes: ccd740cbc6e0 ("vti6: Add pmtu handling to vti6_xmit.")
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
---
 net/ipv6/ip6_vti.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 0225fd694192..2f0be5ac021c 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -494,7 +494,7 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
 	}
 
 	if (dst->flags & DST_XFRM_QUEUE)
-		goto queued;
+		goto xmit;
 
 	x = dst->xfrm;
 	if (!vti6_state_check(x, &t->parms.raddr, &t->parms.laddr))
@@ -523,6 +523,8 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
 
 			icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
 		} else {
+			if (!(ip_hdr(skb)->frag_off & htons(IP_DF)))
+				goto xmit;
 			icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
 				  htonl(mtu));
 		}
@@ -531,7 +533,7 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
 		goto tx_err_dst_release;
 	}
 
-queued:
+xmit:
 	skb_scrub_packet(skb, !net_eq(t->net, dev_net(dev)));
 	skb_dst_set(skb, dst);
 	skb->dev = skb_dst(skb)->dev;