| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5A90DA2E42F8AE43BC4A093BF0678848DEDFDB@SHSMSX104.ccr.corp.intel.com> Date: Wed, 3 Dec 2014 02:31:45 +0000 From: "Du, Fan" <fan.du@...el.com> To: Thomas Graf <tgraf@...g.ch>, "Michael S. Tsirkin" <mst@...hat.com> CC: 'Jason Wang' <jasowang@...hat.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "davem@...emloft.net" <davem@...emloft.net>, "fw@...len.de" <fw@...len.de>, "dev@...nvswitch.org" <dev@...nvswitch.org>, "jesse@...ira.com" <jesse@...ira.com>, "pshelar@...ira.com" <pshelar@...ira.com>, "Du, Fan" <fan.du@...el.com> Subject: RE: [PATCH net] gso: do GSO for local skb with size bigger than MTU >-----Original Message----- >From: Thomas Graf [mailto:tgr@...radead.org] On Behalf Of Thomas Graf >Sent: Wednesday, December 3, 2014 1:42 AM >To: Michael S. Tsirkin >Cc: Du, Fan; 'Jason Wang'; netdev@...r.kernel.org; davem@...emloft.net; >fw@...len.de; dev@...nvswitch.org; jesse@...ira.com; pshelar@...ira.com >Subject: Re: [PATCH net] gso: do GSO for local skb with size bigger than MTU > >On 12/02/14 at 07:34pm, Michael S. Tsirkin wrote: >> On Tue, Dec 02, 2014 at 05:09:27PM +0000, Thomas Graf wrote: >> > On 12/02/14 at 01:48pm, Flavio Leitner wrote: >> > > What about containers or any other virtualization environment that >> > > doesn't use Virtio? >> > >> > The host can dictate the MTU in that case for both veth or OVS >> > internal which would be primary container plumbing techniques. >> >> It typically can't do this easily for VMs with emulated devices: >> real ethernet uses a fixed MTU. >> >> IMHO it's confusing to suggest MTU as a fix for this bug, it's an >> unrelated optimization. >> ICMP_DEST_UNREACH/ICMP_FRAG_NEEDED is the right fix here. > >PMTU discovery only resolves the issue if an actual IP stack is running inside the >VM. This may not be the case at all. ^^^^^^^^^^^^^^^^^^^^^^^^^^^ Some thoughts here: Think otherwise, this is indeed what host stack should forge a ICMP_DEST_UNREACH/ICMP_FRAG_NEEDED message with _inner_ skb network and transport header, do whatever type of encapsulation, and thereafter push such packet upward to Guest/Container, which make them feel, the intermediate node or the peer send such message. PMTU should be expected to work correct. And such behavior should be shared by all other encapsulation tech if they are also suffered. >I agree that exposing an MTU towards the guest is not applicable in all situations, >in particular because it is difficult to decide what MTU to expose. It is a relatively >elegant solution in a lot of virtualization host cases hooked up to an orchestration >system though. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists