| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 07 Jan 2015 13:58:21 +0800 From: Fan Du <fengyuleidian0615@...il.com> To: Jesse Gross <jesse@...ira.com> CC: "Du, Fan" <fan.du@...el.com>, Thomas Graf <tgraf@...g.ch>, "davem@...emloft.net" <davem@...emloft.net>, "Michael S. Tsirkin" <mst@...hat.com>, Jason Wang <jasowang@...hat.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "fw@...len.de" <fw@...len.de>, "dev@...nvswitch.org" <dev@...nvswitch.org>, "pshelar@...ira.com" <pshelar@...ira.com> Subject: Re: [PATCH net] gso: do GSO for local skb with size bigger than MTU 于 2015年01月07日 03:11, Jesse Gross 写道: >>> One of the reasons for only doing path MTU discovery >>> >>for L3 is that it operates seamlessly as part of normal operation - >>> >>there is no need to forge addresses or potentially generate ICMP when >>> >>on an L2 network. However, this ignores the IP handling that is going >>> >>on (note that in OVS it is possible for L3 to be implemented as a set >>> >>of flows coming from a controller). >>> >> >>> >>It also should not be VXLAN specific or duplicate VXLAN encapsulation >>> >>code. As this is happening before encapsulation, the generated ICMP >>> >>does not need to be encapsulated either if it is created in the right >>> >>location. >> > >> >Yes, I agree. GRE share the same issue from the code flow. >> >Pushing back ICMP msg back without encapsulation without circulating down >> >to physical device is possible. The "right location" as far as I know >> >could only be in ovs_vport_send. In addition this probably requires wrapper >> >route looking up operation for GRE/VXLAN, after get the under layer device >> >MTU >> >from the routing information, then calculate reduced MTU becomes feasible. > As I said, it needs to be integrated into L3 processing. In OVS this > would mean adding some primitives to the kernel and then exposing the > functionality upwards into userspace/controller. I'm bit of confused with "L3 processing" you mentioned here... SORRY Apparently I'm not seeing the whole picture as you pointed out. Could you please elaborate "L3 processing" a bit more? docs/codes/or other useful links. Appreciated. My understanding is: controller sets the forwarding rules into kernel datapath, any flow not matching with the rules are threw to controller by upcall. Once the rule decision is made by controller, then, this flow packet is pushed down to datapath to be forwarded again according to the new rule. So I'm not sure whether pushing the over-MTU-sized packet or pushing the forged ICMP without encapsulation to controller is required by current ovs implementation. By doing so, such over-MTU-sized packet is treated as a event for the controller to be take care of. -- No zuo no die but I have to try. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists