| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 07 Apr 2014 00:21:55 +0900 From: Toshiaki Makita <toshiaki.makita1@...il.com> To: vyasevic@...hat.com Cc: Toshiaki Makita <makita.toshiaki@....ntt.co.jp>, Patrick McHardy <kaber@...sh.net>, netdev@...r.kernel.org Subject: Re: [RFC PATCH] vlan: Try to adjust lower device mtu when configuring 802.1AD vlans On Fri, 2014-04-04 at 11:22 -0400, Vlad Yasevich wrote: > On 04/04/2014 11:08 AM, Toshiaki Makita wrote: > > On Thu, 2014-04-03 at 09:07 -0400, Vlad Yasevich wrote: > >> On 04/03/2014 04:32 AM, Toshiaki Makita wrote: > >>> (2014/04/03 1:44), Vlad Yasevich wrote: > >>>> On 04/02/2014 12:37 PM, Toshiaki Makita wrote: > >>>>> On Wed, 2014-04-02 at 09:31 -0400, Vlad Yasevich wrote: > >>>>>> On 04/02/2014 08:21 AM, Patrick McHardy wrote: > >>>>>>> On Tue, Apr 01, 2014 at 05:17:34PM -0400, Vlad Yasevich wrote: > >>>>>>>> 802.1AD vlans supposed to encapsulate 802.1Q vlans. To > >>>>>>>> do this, we need an extra 4 bytes of header which are typically > >>>>>>>> not accounted for by lower devices. Some devices can not > >>>>>>>> support frames longer then 1522 bytes at all. Such devices > >>>>>>>> can not really support 802.1AD, even in software, without > >>>>>>>> the vlan reducing its mtu value. > >>>>>>>> > >>>>>>>> This patch propses to increate the lower devices MTU to 1504 > >>>>>>>> in case of 802.1AD configuration, and if device doesn't > >>>>>>>> support it, fail the creation of the vlan. The user has an > >>>>>>>> option to configure older-style Q-in-Q vlans and manually > >>>>>>>> lower the mtu to support such encapsulation. > >>>>>>> > >>>>>>> I think you should do the opposite. The lower layer device may be used > >>>>>>> for other things than the VLAN, so it doesn't seem right to change it's > >>>>>>> MTU. Instead I'd propose to set the MTU of the 802.1ad VLAN device to > >>>>>>> the lower device'e MTU - 4 unless a MTU has been specified by the user. > >>>>>>> > >>>>>> > >>>>>> The decrease of vlan mtu was my initial take on this as well. The > >>>>>> problematic case with this is forwarding by an encapsulating > >>>>>> bridge (bridge that has 802.1AD as one port and ethX as others). The > >>>>>> frame from ethX will not fit into the mtu of the vlan device in > >>>>>> this case and the packet is dropped. Ideally, we'd generate and ICMP > >>>>>> Too Big, but with the bridge we can't/don't do that. > >>>>>> > >>>>>> Another problem is that linux assumes that MTU == MRU in case of > >>>>>> device receive buffer programming. Thus, full sized 802.1AD > >>>>>> frames transmitted by the switch supporting it will probably get dropped > >>>>>> by the driver/firmware as too long. I've tested this and saw it > >>>>>> happen on my systems. > >>>>>> > >>>>>> An alternative I've thought off is to adjust the rx size in the drivers > >>>>>> when 802.1AD is configured, but that touches all the drivers, and > >>>>>> doesn't work well for not vlan-filtering drivers. It needs a new > >>>>>> ndo api to adjust the rx length to make it consistent across all > >>>>>> devices. > >>>>>> > >>>>>>> BTW, I couldn't find anything related to MTU handling in the 802.1ad > >>>>>>> standard, however I only have an old copy and might have looked in the > >>>>>>> wrong place. Do you have any information how this is supposed to be > >>>>>>> handled? > >>>>>>> > >>>>>> > >>>>>> The standard doesn't seem to mention anything about it, but looking > >>>>>> at switch implementations, most of them require a bump in the mtu to > >>>>>> 1504 to support 802.1AD. Some allow for the decrease in vlan mtu, but > >>>>>> that also requires mss translations as well. > >>>>> > >>>>> 802.1ad was merged into 802.1Q-2011, and G.2.2 in it refers to maximum > >>>>> pdu size. However, this doesn't seem to mention the case where frames > >>>>> are double tagged. > >>>>> > >>>>> MEF 6.1 requires UNI MTU size >= 1522 and MEF 31 requires E-NNI MTU size > >>>>>> = 1526 (In these documents, MTU seems to mean frame size). > >>>>> This implies that we should allow 1508 bytes of MTU size when we use > >>>>> 802.1AD. > >>>>> > >>>> > >>>> 1522 = 1500 + 14 + 4 (.1Q) + 4 (FCS) > >>>> > >>>>> Is 1504 enough? > >>>> > >>>> 1526 = 1500 + 14 +4 (.1Q) + 4 (.1AD) + 4(FCS) > >>> > >>> Thank you for the supplementation. > >>> > >>>> > >>>> This is why Cisco docs recommend mtu of 1504. > >>>> > >>>> Of course this doesn't in any way account for stacked .1AD tags. > >>> > >>> So we are likely to receive 1508 (1526) sized frames in 802.1ad network. > >> > >> 1526 byte frame is 1504 mtu, as demonstrated above. > > > > Not so sure. > > It's true only if NIC reserves extra 4 bytes for mtu. > > Pretty much all drivers reserve extra 4 bytes for the .1Q header. Looking over some drivers, as you say, most drivers do it. But I couldn't find extra room for vlan header in cxgb. Also, some drivers don't seem to like this approach... bnx2x already reserves 8 bytes for vlans. qlge accepts only 1500 or 9000 mtu (and maybe 1500 setting allows up to 2048 frame size?) > > > If the outer 802.1ad tag is not recognized as a vlan tag by NIC, both > > the outer tag and the inner tag are not ethernet header but payload to > > the NIC. > > But the nic doesn't really care about MTU values itself. It uses it > to compute the frame length that it will support for rx and tx. That > computation is what the above math shows. > > So, the nics that do not support .1AD acceleration (the ones you > mentioned above), will already account for the .1Q header, but the MTU > (payload) needs to increased by 4 bytes to account for .1AD header. > We don't have to account for .1Q header again. Fair enough. Thanks, Toshiaki Makita -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists