Message-ID: <CAMJ5cBHZ4DqjE6Md-0apA8aaLLk9Hpiypfooo7ud-p9XyFyeng@mail.gmail.com>
Date:   Thu, 10 Jan 2019 14:26:55 +0100
From:   Fredrik Gustavsson <gustfred@...il.com>
To:     netdev@...r.kernel.org, davem@...emloft.net,
        makita.toshiaki@....ntt.co.jp, daniel@...earbox.net
Subject: [PATCH v1 1/1] veth: Do not drop packets larger then the mtu set on
 the receiving side

commit affede4a779420bd8510ab937251a3796d3228df
Author: Fredrik Gustavsson <gustfred@...il.com>
Date:   Tue Jan 8 11:21:39 2019 +0100

veth: Do not drop packets larger then the mtu set on the receiving side

Currently veth drops all packets larger then the mtu set on the receiving
end of the pair. This is inconsistent with most hardware ethernet drivers
that happily receives packets up the the ethernet MTU independent of the
configured MTU.

There should not be a need for dropping IP packets at receiver with
size > configured IP MTU, IP MTU is for fragmentation at sender side.
And IP packets with size > receiver L2 MTU will be dropped at sub-IP layer.

The drop is done inside is_skb_forwardable(), so this patch introduces
a netdev_priv_flags value called IFF_VETH, together with a helper,
netif_is_veth(), that checks the flag.
The flag is set in veth.c and is now checked in
____dev_forward_skb() in include/linux/netdevice.h

To reproduce the behaviour and to compare it to other
network drivers these steps can be done:

veth:
ip link add type veth
ip netns add foo
ip link set dev veth1 netns foo
ip netns exec foo ip addr add 192.168.45.1/24 dev veth1
ip netns exec foo ip link set veth1 up
ip netns exec foo ip link set dev veth1 mtu 300

ip addr add 192.168.45.2/24 dev veth0
ip link set dev veth0 up
ip link set dev veth0 mtu 500
ping -c 1 -W 1 -s 400 192.168.45.1

Output:
ping -c 1 -W 1 -s 400 192.168.45.1
PING 192.168.45.1 (192.168.45.1) 400(428) bytes of data.

--- 192.168.45.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

eth:
ip addr add 192.168.45.1/24 dev eth1
ip link set dev eth0 mtu 300 up

ip addr add 192.168.45.2/24 dev eth0
ip link set dev eth0 mtu 500 up
ping -c 1 -W 1 -s 400 192.168.45.1

Output:
--- 192.168.45.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms

Signed-off-by: Fredrik Gustavsson <gustfred@...il.com>

diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index 890fa5b905e2..74460278a621 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -1161,6 +1161,7 @@ static void veth_setup(struct net_device *dev)
  dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
  dev->priv_flags |= IFF_NO_QUEUE;
  dev->priv_flags |= IFF_PHONY_HEADROOM;
+ dev->priv_flags |= IFF_VETH;

  dev->netdev_ops = &veth_netdev_ops;
  dev->ethtool_ops = &veth_ethtool_ops;
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 857f8abf7b91..75465b3e4ecb 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1487,6 +1487,7 @@ struct net_device_ops {
  * @IFF_NO_RX_HANDLER: device doesn't support the rx_handler hook
  * @IFF_FAILOVER: device is a failover master device
  * @IFF_FAILOVER_SLAVE: device is lower dev of a failover master device
+ * @IFF_VETH: Veth device
  */
 enum netdev_priv_flags {
  IFF_802_1Q_VLAN = 1<<0,
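Review bot: The kernel-doc line `@IFF_VETH: Veth device` names the device type but not what the flag changes; later in this patch ____dev_forward_skb() skips is_skb_forwardable() for any device that carries it. Something like `@IFF_VETH: veth device; ____dev_forward_skb() skips the is_skb_forwardable() check` would tell other drivers what setting the flag implies. The enum body continues outside this hunk.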
@@ -1518,6 +1519,7 @@ enum netdev_priv_flags {
  IFF_NO_RX_HANDLER = 1<<26,
  IFF_FAILOVER = 1<<27,
  IFF_FAILOVER_SLAVE = 1<<28,
+ IFF_VETH = 1<<29,
 };

 #define IFF_802_1Q_VLAN IFF_802_1Q_VLAN
@@ -1548,6 +1550,7 @@ enum netdev_priv_flags {
 #define IFF_NO_RX_HANDLER IFF_NO_RX_HANDLER
 #define IFF_FAILOVER IFF_FAILOVER
 #define IFF_FAILOVER_SLAVE IFF_FAILOVER_SLAVE
+#define IFF_VETH IFF_VETH

 /**
  * struct net_device - The DEVICE structure.
@@ -3650,11 +3653,17 @@ int dev_forward_skb(struct net_device *dev,
struct sk_buff *skb);
 bool is_skb_forwardable(const struct net_device *dev,
  const struct sk_buff *skb);

+static inline bool netif_is_veth(const struct net_device *dev)
+{
+ return dev->priv_flags & IFF_VETH;
+}
+
 static __always_inline int ____dev_forward_skb(struct net_device *dev,
         struct sk_buff *skb)
 {
  if (skb_orphan_frags(skb, GFP_ATOMIC) ||
-     unlikely(!is_skb_forwardable(dev, skb))) {
+     netif_is_veth(dev) ? false :
+      unlikely(!is_skb_forwardable(dev, skb))) {
  atomic_long_inc(&dev->rx_dropped);
  kfree_skb(skb);
  return NET_RX_DROP;
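Review bot: The new condition in ____dev_forward_skb() does not parse the way its layout suggests: `?:` binds more loosely than `||`, so it reads as `(skb_orphan_frags(skb, GFP_ATOMIC) || netif_is_veth(dev)) ? false : unlikely(!is_skb_forwardable(dev, skb))`. A failed skb_orphan_frags() therefore makes the whole test false, and the skb is forwarded instead of dropped, on every device and not only veth. Writing it as `if (skb_orphan_frags(skb, GFP_ATOMIC) || (!netif_is_veth(dev) && unlikely(!is_skb_forwardable(dev, skb)))) {` keeps the orphan-failure drop while still exempting veth. Skipping is_skb_forwardable() wholesale also bypasses whatever it checks besides length (its body is not in this patch; presumably the device-up test), and because veth commonly sits on a namespace boundary, the receiving side's MTU would no longer bound the frame size a peer can deliver. The function body continues past the end of the hunk.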
