| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 03 Feb 2022 10:07:32 +0100
From: Paolo Abeni <pabeni@...hat.com>
To: Eric Dumazet <eric.dumazet@...il.com>,
"David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>
Cc: netdev <netdev@...r.kernel.org>,
Eric Dumazet <edumazet@...gle.com>,
Coco Li <lixiaoyan@...gle.com>
Subject: Re: [PATCH net-next 08/15] ipv6: Add hop-by-hop header to
jumbograms in ip6_output
On Wed, 2022-02-02 at 17:51 -0800, Eric Dumazet wrote:
> From: Coco Li <lixiaoyan@...gle.com>
>
> Instead of simply forcing a 0 payload_len in IPv6 header,
> implement RFC 2675 and insert a custom extension header.
>
> Note that only TCP stack is currently potentially generating
> jumbograms, and that this extension header is purely local,
> it wont be sent on a physical link.
>
> This is needed so that packet capture (tcpdump and friends)
> can properly dissect these large packets.
>
> Signed-off-by: Coco Li <lixiaoyan@...gle.com>
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> ---
> include/linux/ipv6.h | 1 +
> net/ipv6/ip6_output.c | 22 ++++++++++++++++++++--
> 2 files changed, 21 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
> index 1e0f8a31f3de175659dca9ecee9f97d8b01e2b68..d3fb87e1589997570cde9cb5d92b2222008a229d 100644
> --- a/include/linux/ipv6.h
> +++ b/include/linux/ipv6.h
> @@ -144,6 +144,7 @@ struct inet6_skb_parm {
> #define IP6SKB_L3SLAVE 64
> #define IP6SKB_JUMBOGRAM 128
> #define IP6SKB_SEG6 256
> +#define IP6SKB_FAKEJUMBO 512
> };
>
> #if defined(CONFIG_NET_L3_MASTER_DEV)
> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
> index 0c6c971ce0a58b50f8a9349b8507dffac9c7818c..f78ba145620560e5d7cb25aaf16fec61ddd9ed40 100644
> --- a/net/ipv6/ip6_output.c
> +++ b/net/ipv6/ip6_output.c
> @@ -180,7 +180,9 @@ static int __ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff
> #endif
>
> mtu = ip6_skb_dst_mtu(skb);
> - if (skb_is_gso(skb) && !skb_gso_validate_network_len(skb, mtu))
> + if (skb_is_gso(skb) &&
> + !(IP6CB(skb)->flags & IP6SKB_FAKEJUMBO) &&
> + !skb_gso_validate_network_len(skb, mtu))
> return ip6_finish_output_gso_slowpath_drop(net, sk, skb, mtu);
If I read correctly jumbogram with gso len not fitting the egress
device MTU will not be fragmented, as opposed to plain old GSO packets.
Am I correct? why fragmentation is not needed for jumbogram?
Thanks!
Paolo
Powered by blists - more mailing lists