Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp2415825imm; Thu, 7 Jun 2018 10:12:06 -0700 (PDT) X-Google-Smtp-Source: ADUXVKKPsgiYz0rrCOQai1BsuTifArHQzR1GAF8nfu0ly6rXsNwXW3yTyUUXBQAHMD39uzoYGA3y X-Received: by 2002:a17:902:4603:: with SMTP id o3-v6mr2967196pld.49.1528391526048; Thu, 07 Jun 2018 10:12:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528391526; cv=none; d=google.com; s=arc-20160816; b=CPMeRK2Uve/Mn+186y5V7soNcrLNd5iZlAeNHgpATBCDnftBuPjFWvxaPrf6AQouLp LcTCHZEQowdCd6aoGnDLNpectZI8ySD2X0MPN7/pFkwKsbMi8AdcEZEjvrzkkMjIBaDn mXxLkdBKta/PAFRapEdlZLG2sFiXwoKJ5+hj0zW0nAp3zEQiRtfbNGj2/FZEN8F0fNVe gyLzF/3XdxvbQUBG0PL3zGA6OeQ3jnU0sQmG+0f8zhOO5/WS+3H3ozEAjBf2dnFIt1n7 aku8wk1Q5kGrgnzaoDaxoaDybbqK0A3ZjKqCSx8QG+UUQKRKFQrTe4dirJv4uYCmpcvH 3txA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:subject:message-id:date:cc:to :from:mime-version:content-transfer-encoding:content-disposition :arc-authentication-results; bh=mexQFacetyQk41peaNmF+f4IxBFP1gSUrsJ7B/Qc0c0=; b=pm/rVl9SlmYchFSPzkRvVAj3Ff7T+wI9L3BUzrO39v8ImWtw4FNlQXhbpWtHu41cq7 XYUnlCZDmXQzfWV9tLwQj9zje89TrMgJDZTjz5laazNpe9J6aBK+P9K4uEixkPzssu2U OpCEWNff8P+IUOchUbdoseXdgEgJbPE0OCKXWa4PtuSSMJEz74X2atdOEPApKsl1mElw p7uYzUW6NjutlZsMOY/5JWj77AwgY6M0KC+3xlaezQAF1OyFH1Wd08W48HgefrSGuvWp RtnkLVOEwPnAMVjYUtA48zW0smaFpOLEh5x1a/UNKk+KbKPcoHRhziRca1BmlcxMYNEW Ce+Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p18-v6si12424004pfe.150.2018.06.07.10.11.51; Thu, 07 Jun 2018 10:12:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933438AbeFGObm (ORCPT + 99 others); Thu, 7 Jun 2018 10:31:42 -0400 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:40253 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932913AbeFGObk (ORCPT ); Thu, 7 Jun 2018 10:31:40 -0400 Received: from [148.252.241.226] (helo=deadeye) by shadbolt.decadent.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1fQvbN-0005a0-3K; Thu, 07 Jun 2018 15:09:21 +0100 Received: from ben by deadeye with local (Exim 4.91) (envelope-from ) id 1fQvbD-0003Gs-IN; Thu, 07 Jun 2018 15:09:11 +0100 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, "Steffen Klassert" , "Stefano Brivio" , "Sabrina Dubroca" Date: Thu, 07 Jun 2018 15:05:21 +0100 Message-ID: X-Mailer: LinuxStableQueue (scripts by bwh) Subject: [PATCH 3.16 374/410] vti4: Don't count header length twice on tunnel setup In-Reply-To: X-SA-Exim-Connect-IP: 148.252.241.226 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.16.57-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Stefano Brivio commit dd1df24737727e119c263acf1be2a92763938297 upstream. This re-introduces the effect of commit a32452366b72 ("vti4: Don't count header length twice.") which was accidentally reverted by merge commit f895f0cfbb77 ("Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec"). The commit message from Steffen Klassert said: We currently count the size of LL_MAX_HEADER and struct iphdr twice for vti4 devices, this leads to a wrong device mtu. The size of LL_MAX_HEADER and struct iphdr is already counted in ip_tunnel_bind_dev(), so don't do it again in vti_tunnel_init(). And this is still the case now: ip_tunnel_bind_dev() already accounts for the header length of the link layer (not necessarily LL_MAX_HEADER, if the output device is found), plus one IP header. For example, with a vti device on top of veth, with MTU of 1500, the existing implementation would set the initial vti MTU to 1332, accounting once for LL_MAX_HEADER (128, included in hard_header_len by vti) and twice for the same IP header (once from hard_header_len, once from ip_tunnel_bind_dev()). It should instead be 1480, because ip_tunnel_bind_dev() is able to figure out that the output device is veth, so no additional link layer header is attached, and will properly count one single IP header. The existing issue had the side effect of avoiding PMTUD for most xfrm policies, by arbitrarily lowering the initial MTU. However, the only way to get a consistent PMTU value is to let the xfrm PMTU discovery do its course, and commit d6af1a31cc72 ("vti: Add pmtu handling to vti_xmit.") now takes care of local delivery cases where the application ignores local socket notifications. Fixes: b9959fd3b0fa ("vti: switch to new ip tunnel code") Fixes: f895f0cfbb77 ("Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec") Signed-off-by: Stefano Brivio Acked-by: Sabrina Dubroca Signed-off-by: Steffen Klassert Signed-off-by: Ben Hutchings --- net/ipv4/ip_vti.c | 1 - 1 file changed, 1 deletion(-) --- a/net/ipv4/ip_vti.c +++ b/net/ipv4/ip_vti.c @@ -359,7 +359,6 @@ static int vti_tunnel_init(struct net_de memcpy(dev->dev_addr, &iph->saddr, 4); memcpy(dev->broadcast, &iph->daddr, 4); - dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr); dev->mtu = ETH_DATA_LEN; dev->flags = IFF_NOARP; dev->iflink = 0;