lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 20 Jan 2016 17:56:40 +0800
From:	zhuyj <zyjzyj2000@...il.com>
To:	Wengang Wang <wen.gang.wang@...cle.com>, netdev@...r.kernel.org
Cc:	jay.vosburgh@...onical.com
Subject: Re: [PATCH] net: take care of bonding in build_skb_flow_key (v3)

On 01/20/2016 05:47 PM, Wengang Wang wrote:
>
>
> 在 2016年01月20日 15:54, zhuyj 写道:
>> On 01/20/2016 03:38 PM, Wengang Wang wrote:
>>>
>>>
>>> 在 2016年01月20日 14:24, zhuyj 写道:
>>>> On 01/20/2016 01:32 PM, Wengang Wang wrote:
>>>>> In a bonding setting, we determines fragment size according to MTU 
>>>>> and
>>>>> PMTU associated to the bonding master. If the slave finds the 
>>>>> fragment
>>>>> size is too big, it drops the fragment and calls ip_rt_update_pmtu(),
>>>>> passing _skb_ and _pmtu_, trying to update the path MTU.
>>>>> Problem is that the target device that function ip_rt_update_pmtu 
>>>>> actually
>>>>> tries to update is the slave (skb->dev), not the master. Thus 
>>>>> since no
>>>>> PMTU change happens on master, the fragment size for later packets 
>>>>> doesn't
>>>>> change so all later fragments/packets are dropped too.
>>>>>
>>>>> The fix is letting build_skb_flow_key() take care of the 
>>>>> transition of
>>>>> device index from bonding slave to the master. That makes the 
>>>>> master become
>>>>> the target device that ip_rt_update_pmtu tries to update PMTU to.
>>>>>
>>>>> Signed-off-by: Wengang Wang <wen.gang.wang@...cle.com>
>>>>> ---
>>>>>   net/ipv4/route.c | 13 ++++++++++++-
>>>>>   1 file changed, 12 insertions(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/net/ipv4/route.c b/net/ipv4/route.c
>>>>> index 85f184e..c59fb0d 100644
>>>>> --- a/net/ipv4/route.c
>>>>> +++ b/net/ipv4/route.c
>>>>> @@ -523,10 +523,21 @@ static void build_skb_flow_key(struct flowi4 
>>>>> *fl4, const struct sk_buff *skb,
>>>>>                      const struct sock *sk)
>>>>>   {
>>>>>       const struct iphdr *iph = ip_hdr(skb);
>>>>> -    int oif = skb->dev->ifindex;
>>>>> +    struct net_device *master = NULL;
>>>>>       u8 tos = RT_TOS(iph->tos);
>>>>>       u8 prot = iph->protocol;
>>>>>       u32 mark = skb->mark;
>>>>> +    int oif;
>>>>> +
>>>>> +    if (skb->dev->flags & IFF_SLAVE) {
>>>>> +        rtnl_lock();
>>>>> +        master = netdev_master_upper_dev_get(skb->dev);
>>>>> +        rtnl_unlock();
>>>> update_pmtu is called very frequently. Is it appropriate to use 
>>>> rtnl_lock here?
>>> By "very frequently", how frequently it is expected? And what 
>>> situation can cause that?
>>> For my case, the update_pmtu is called only once.
>> ip_tunnel_xmit
>>
> Can you please explain with more details?

dev_queue_xmit->ipip_tunnel_xmit->ip_tunnel_xmit->tnl_update_pmtu-> 
skb_dst(skb)->ops->update_pmtu

>
> thanks,
> wengang
>
>
>> Zhu Yanjun
>>
>>>
>>> thanks,
>>> wengang
>>>
>>>> That is, rtnl_lock is called frequently. Maybe other functions have 
>>>> little chance to call rtnl_lock.
>>>>
>>>> Best Regards!
>>>> Zhu Yanjun
>>>>> +    }
>>>>> +    if (master)
>>>>> +        oif = master->ifindex;
>>>>> +    else
>>>>> +        oif = skb->dev->ifindex;
>>>>>         __build_flow_key(fl4, sk, iph, oif, tos, prot, mark, 0);
>>>>>   }
>>>>
>>>
>>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ