lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20140408143318.GD31953@breakpoint.cc>
Date:	Tue, 8 Apr 2014 16:33:18 +0200
From:	Florian Westphal <fw@...len.de>
To:	Tobias Brunner <tobias@...ongswan.org>
Cc:	Florian Westphal <fw@...len.de>, netdev@...r.kernel.org,
	"David S. Miller" <davem@...emloft.net>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	Marcelo Ricardo Leitner <mleitner@...hat.com>
Subject: Re: Problems with fragments since gso skb forwarding changes in
 virtual environment

Tobias Brunner <tobias@...ongswan.org> wrote:
> > 
> > Host A - br1 - Router R - br2 - Host B
> >   Mtu >1500               Mtu 1500
> > 
> > 1. host A sends GSO packet, DF not set
> > 2. packet arrives at R, still GSO packet
> > 3. forward on R fragments packet since it won't fit
> >    outgoing interface (which is normal virtio ethernet) mtu
> > 4. fragmented packets leave R
> > 5. fragmented packets arrive on host system (not pictured above) br2
> > interface
> > 
> > 6. packets are being bridged on host system, call_iptables sysctl on
> > 7. packets are defragmented by netfilter on host due to call_iptables
> > sysctl on
> > 8. packets are tossed on host in br_dev_queue_push_xmit because
> >    is_skb_forwardable() returns false
> > 
> > Is that correct?
> 
> Exactly.  The MTU is 1500 on all interfaces though.

Thanks for clarifying. In this case there is another problem as well as
no fragments should be generated in the forwarding path if the outgoing mtu
is not reduced.

Most likely a problem with udp gso + skb_gso_network_seglen().

I'll report back, thanks for your feedback.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ