Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp2513535imm;
        Mon, 28 May 2018 09:30:25 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZpGNxG50BKRpDIDfP67eKA8w3o3qzVUBds7FZyZPOUGMl1/gjsTI7VYxMXKHh1aIa5zCCjU
X-Received: by 2002:a62:91b:: with SMTP id e27-v6mr14147692pfd.93.1527525025233;
        Mon, 28 May 2018 09:30:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1527525025; cv=none;
        d=google.com; s=arc-20160816;
        b=dTS69RrHXYR7cTj9MNil9Uqlq6CRmh40QPuag6q531Ei1b5sdaGUB7ufQGYb7+hDFM
         cRGFrXK5WD6MmXOl0a7q2+98kw+ML84fhLC6LuKaWFOQObJS8UFJXb8Sv4hjsbHWDfQ6
         AljDf8gsdrOGihJexUuvIv6exqDXuwxvT+ssp8eKJGW4tT07agLF4qtjkOE6CeZ8HvlS
         fltCUchIW8x4F8IilVCWyzjq9Q5+pJpoieuubQw74dSxQa+e4hY23qFSdRPV5OtGYsO2
         KcomRkVpuB7zdfhYAYv8n+iCahlIiQ/4oGGBnjfN/AoKdv9FcbcTl2/6b4WJ3XhDBBvN
         nJzQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature
         :arc-authentication-results;
        bh=4yscyrkYU/7ulKTO6+JBniinHCLH9DrnMo7Tw8BYYbo=;
        b=TR6DtfgN7QtHum0WOPdceoHVAiIc5Jr6TIsTcF4khf1EaB9UlDOdBO+GDrLlhtB8D8
         nv1Xb4KoYNGXJMwDc7oclrM47dwLXv5E+8v4ruI8DCiTr1GyxVysakvZ3KR/TGQnQVRI
         6CPzTIBn+AMfHNxNe10ndHMdSuV5HKHFLXOOWYMUl5eUd0SiemVRo59MYUfofSUqvp/i
         ZO2yYrp698PdbmyAa4QNXUiBrJKlVG0IJX2/FXjGgsgew5AuKEBAuTG5rVZJVyAfJZdH
         XFjbLIpugZKBfVPfdX1fcqyftUq+3yv2q08Vo5vwb7++RTra3TnfvjJRcPYsN8Zhy9RI
         VSgA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=jqyflWvC;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k8-v6si23979878pgo.311.2018.05.28.09.30.10;
        Mon, 28 May 2018 09:30:25 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=jqyflWvC;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1425420AbeE1Q3m (ORCPT <rfc822;sduhuangshuai@gmail.com>
        + 99 others); Mon, 28 May 2018 12:29:42 -0400
Received: from mail.kernel.org ([198.145.29.99]:58034 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S936412AbeE1KJy (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 28 May 2018 06:09:54 -0400
Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 3EF06208AD;
        Mon, 28 May 2018 10:09:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1527502193;
        bh=xvHO8gFx8+Mq8mj0qPPr9Urw1KXj5LfQfHtTJMgwnpQ=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=jqyflWvC3qAquHdHqdhSzIuKtAtbJPu5Dx+OfA2i2HIs/l1KXoLDhOVv+m8CTkZwZ
         pZso1aUkv4LtuNXy7rEKf8Cc4JAw0u6yUmAwbpsr1rWlUdN9CSAuiiCFusQFnGqgQS
         JNuJqhqS5QhRzAh2YQ/GgH6+zKkNZyxxHrembmdk=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Stefano Brivio <sbrivio@redhat.com>,
        Sabrina Dubroca <sd@queasysnail.net>,
        Steffen Klassert <steffen.klassert@secunet.com>,
        Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 3.18 096/185] vti4: Dont count header length twice on tunnel setup
Date:   Mon, 28 May 2018 12:02:17 +0200
Message-Id: <20180528100059.114484009@linuxfoundation.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180528100050.700971285@linuxfoundation.org>
References: <20180528100050.700971285@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Stefano Brivio <sbrivio@redhat.com>

[ Upstream commit dd1df24737727e119c263acf1be2a92763938297 ]

This re-introduces the effect of commit a32452366b72 ("vti4:
Don't count header length twice.") which was accidentally
reverted by merge commit f895f0cfbb77 ("Merge branch 'master' of
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec").

The commit message from Steffen Klassert said:

    We currently count the size of LL_MAX_HEADER and struct iphdr
    twice for vti4 devices, this leads to a wrong device mtu.
    The size of LL_MAX_HEADER and struct iphdr is already counted in
    ip_tunnel_bind_dev(), so don't do it again in vti_tunnel_init().

And this is still the case now: ip_tunnel_bind_dev() already
accounts for the header length of the link layer (not
necessarily LL_MAX_HEADER, if the output device is found), plus
one IP header.

For example, with a vti device on top of veth, with MTU of 1500,
the existing implementation would set the initial vti MTU to
1332, accounting once for LL_MAX_HEADER (128, included in
hard_header_len by vti) and twice for the same IP header (once
from hard_header_len, once from ip_tunnel_bind_dev()).

It should instead be 1480, because ip_tunnel_bind_dev() is able
to figure out that the output device is veth, so no additional
link layer header is attached, and will properly count one
single IP header.

The existing issue had the side effect of avoiding PMTUD for
most xfrm policies, by arbitrarily lowering the initial MTU.
However, the only way to get a consistent PMTU value is to let
the xfrm PMTU discovery do its course, and commit d6af1a31cc72
("vti: Add pmtu handling to vti_xmit.") now takes care of local
delivery cases where the application ignores local socket
notifications.

Fixes: b9959fd3b0fa ("vti: switch to new ip tunnel code")
Fixes: f895f0cfbb77 ("Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Acked-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv4/ip_vti.c |    1 -
 1 file changed, 1 deletion(-)

--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -365,7 +365,6 @@ static int vti_tunnel_init(struct net_de
 	memcpy(dev->dev_addr, &iph->saddr, 4);
 	memcpy(dev->broadcast, &iph->daddr, 4);
 
-	dev->hard_header_len	= LL_MAX_HEADER + sizeof(struct iphdr);
 	dev->mtu		= ETH_DATA_LEN;
 	dev->flags		= IFF_NOARP;
 	dev->iflink		= 0;