lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a74d414f-bee1-9754-8735-81cb07dc430b@linux.alibaba.com>
Date:   Sun, 28 Oct 2018 07:42:02 +0800
From:   Jianfeng Tan <jianfeng.tan@...ux.alibaba.com>
To:     Jason Wang <jasowang@...hat.com>, netdev@...r.kernel.org
Cc:     davem@...emloft.net, mst@...hat.com
Subject: Re: [PATCH] net/packet: fix packet drop as of virtio gso


On 10/8/2018 11:14 AM, Jason Wang wrote:
>
>
> On 2018年09月29日 23:41, Jianfeng Tan wrote:
>> When we use raw socket as the vhost backend, a packet from virito with
>> gso offloading information, cannot be sent out in later validaton at
>> xmit path, as we did not set correct skb->protocol which is further used
>> for looking up the gso function.
>
> Hi:
>
> May I ask the reason for using raw socket for vhost? It was not a 
> common setup with little care in the past few years. And it was slow 
> since it lacks some recent improvements. Can it be replaced with e.g 
> macvtap?

Hi Jason,

Apologize for late response. We are in container environment, in which 
case veth is used mostly. Either tap or macvtap cannot be put into an 
isolated netns. Another thing could be macvlan as the backend of vhost, 
which is not supported either. So unfortunately, improving raw socket is 
the only choice I suppose.

Thanks,
Jianfeng


>
> Thanks
>
>>
>> To fix this, we set this field according to virito hdr information.
>>
>> Fixes: e858fae2b0b8f4 ("virtio_net: use common code for 
>> virtio_net_hdr and skb GSO conversion")
>>
>> Cc: stable@...r.kernel.org
>> Signed-off-by: Jianfeng Tan <jianfeng.tan@...ux.alibaba.com>
>> ---
>>   include/linux/virtio_net.h | 18 ++++++++++++++++++
>>   net/packet/af_packet.c     | 11 +++++++----
>>   2 files changed, 25 insertions(+), 4 deletions(-)
>>
>> diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h
>> index 9397628a1967..cb462f9ab7dd 100644
>> --- a/include/linux/virtio_net.h
>> +++ b/include/linux/virtio_net.h
>> @@ -5,6 +5,24 @@
>>   #include <linux/if_vlan.h>
>>   #include <uapi/linux/virtio_net.h>
>>   +static inline int virtio_net_hdr_set_proto(struct sk_buff *skb,
>> +                       const struct virtio_net_hdr *hdr)
>> +{
>> +    switch (hdr->gso_type & ~VIRTIO_NET_HDR_GSO_ECN) {
>> +    case VIRTIO_NET_HDR_GSO_TCPV4:
>> +    case VIRTIO_NET_HDR_GSO_UDP:
>> +        skb->protocol = cpu_to_be16(ETH_P_IP);
>> +        break;
>> +    case VIRTIO_NET_HDR_GSO_TCPV6:
>> +        skb->protocol = cpu_to_be16(ETH_P_IPV6);
>> +        break;
>> +    default:
>> +        return -EINVAL;
>> +    }
>> +
>> +    return 0;
>> +}
>> +
>>   static inline int virtio_net_hdr_to_skb(struct sk_buff *skb,
>>                       const struct virtio_net_hdr *hdr,
>>                       bool little_endian)
>> diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
>> index 75c92a87e7b2..d6e94dc7e290 100644
>> --- a/net/packet/af_packet.c
>> +++ b/net/packet/af_packet.c
>> @@ -2715,10 +2715,12 @@ static int tpacket_snd(struct packet_sock 
>> *po, struct msghdr *msg)
>>               }
>>           }
>>   -        if (po->has_vnet_hdr && virtio_net_hdr_to_skb(skb, vnet_hdr,
>> -                                  vio_le())) {
>> -            tp_len = -EINVAL;
>> -            goto tpacket_error;
>> +        if (po->has_vnet_hdr) {
>> +            if (virtio_net_hdr_to_skb(skb, vnet_hdr, vio_le())) {
>> +                tp_len = -EINVAL;
>> +                goto tpacket_error;
>> +            }
>> +            virtio_net_hdr_set_proto(skb, vnet_hdr);
>>           }
>>             skb->destructor = tpacket_destruct_skb;
>> @@ -2915,6 +2917,7 @@ static int packet_snd(struct socket *sock, 
>> struct msghdr *msg, size_t len)
>>           if (err)
>>               goto out_free;
>>           len += sizeof(vnet_hdr);
>> +        virtio_net_hdr_set_proto(skb, &vnet_hdr);
>>       }
>>         skb_probe_transport_header(skb, reserve);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ