Received: by 2002:a25:23cc:0:0:0:0:0 with SMTP id j195csp290308ybj;
        Wed, 6 May 2020 17:50:53 -0700 (PDT)
X-Google-Smtp-Source: APiQypIRQZooY1Nn+ULkXU+B6QLOzUtv1mzp17+nnZ+NrY4QWjGbNI4L9UG6brmhyIfZ+UnhFHaa
X-Received: by 2002:a05:6402:d0a:: with SMTP id eb10mr9335935edb.60.1588812653167;
        Wed, 06 May 2020 17:50:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1588812653; cv=none;
        d=google.com; s=arc-20160816;
        b=NRW6Kq5zNCtddTIN3zqOB76UlnjCUm4D/rnYFTRQmsFkRChoi44r22ONaEbsr6cg+w
         lJ+FXlemYDjZjqEvudlRhgyQewLTvOJhz+kkAxigdZIGrXoq1njUC3ikObud6RyZG04i
         AmbNXM3UyFdcC5CvaKP1brLlliiE4kv/by8eSxpR62egN7kBwq1vNq8PYwOErKpcZqFg
         gTRgLlBzZacgKlLAqGH9MTS1y9DFIKjRaRVGll8GjpEO7NyWT8c3gFEQOyBOQ/LJ3/AM
         TWvdzF84YP57aXL5eyKxpy/nC2GMQ75N2a4GobH7QQnKEKBsKrjKQ9NP9+Ee7GpkTwXj
         6UZw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=uYSzKMOk3or2uFoTZZzRJZRiS035mjjJocvNWlKm6tM=;
        b=Z4cNg456qVK17AvtoNB7WMyERdKK+iYeI4UmhCEsWgHP6nh6biPs54mdBiArY1BFJ+
         300PGIYAqxSgbX9+9lCFQymk3TRZC2b8m7i1CqHgrJtYv3eyf34yc8HNvJo1rxsK32b1
         CKAi/Ln5+rwrlSEGZVg6cOFSFeDUA+xmnS95JimynS5cmeNuGVtzd1iFjdLeEpuV7sTO
         bHZ8urISkQKkvd11hQt6K+DUM9YQG4abH73sHRZ8IgT+7wKLPa9iyEX2gv5nrCflPUXV
         8n5Ci92W4gvkHDB8vjkGmUr1rVbS6d48xvmtPXP7LO0mJhInkAEPfjjztD7TSgYZA6tP
         Mc5Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=dSM6qpbU;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id cx18si2210315edb.73.2020.05.06.17.50.30;
        Wed, 06 May 2020 17:50:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=dSM6qpbU;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729067AbgEGAra (ORCPT <rfc822;charleyewang@gmail.com>
        + 99 others); Wed, 6 May 2020 20:47:30 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34078 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728010AbgEGAr0 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 6 May 2020 20:47:26 -0400
Received: from mail-io1-xd41.google.com (mail-io1-xd41.google.com [IPv6:2607:f8b0:4864:20::d41])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7BDFFC061A0F
        for <linux-kernel@vger.kernel.org>; Wed,  6 May 2020 17:47:26 -0700 (PDT)
Received: by mail-io1-xd41.google.com with SMTP id y26so4383075ioj.2
        for <linux-kernel@vger.kernel.org>; Wed, 06 May 2020 17:47:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=uYSzKMOk3or2uFoTZZzRJZRiS035mjjJocvNWlKm6tM=;
        b=dSM6qpbUf+qLjqBHYANWC6rRaGEkZVYX7hCaUGcJC4jffs2/nlqOD1bGMOPdjX+0+u
         a0tj0jTWA0vqVQieHoGIHDnsiNYn7Dw+2q0mr2Gkf68qDvpGO82TQyegMyE/Z4LiOJ3b
         GRJ84a2QIlYNH31ggzEgMyWSqShuOj+CH5JvSNPUzWdeAQutmWJ3P1ZvJ86vbBd6iuHN
         n7389hKng19UxWWQQEuY62XlkhD1bR4w7Zd7sbnyOUdPU72sUqC4eCcSP5J7GiTdAQQB
         9y6MfecM3KC1F5nVtFVqksBFcaWUYIxAFWHlo3HuzbCvAuzZoI38OKi7Mr/JvPGr4KE1
         /whA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=uYSzKMOk3or2uFoTZZzRJZRiS035mjjJocvNWlKm6tM=;
        b=QpP+NCcMVW06ru0/D321URWLNfvWsENlaVZXxvzYQBmbuluCyl0+K6lHsFjV40drNr
         4ATvIxcu5TDqOBgzXDnX7mHPkOHH8KHORoMz/GIIxzAcmwLPwWc9EDDQcg3cex26ZaNU
         aLN8B9c/qlVCosr2TXlB4jCJaGueU7h6FE41v+7v5Fj0aMq+UmQLI8NqsFQ5l6y7I7LN
         46y8CiW1MLsFXgCDX7b9eG7Vjhokeg4Wg78ue1V6BIXm+0jeiYpyYolRHE3lnCStILzp
         chP26bTBjfq3HZGE9OchDzjt+0rIpqk04tj6mHfeS4f5UdcxmjK0T/Fyx5djwAsRxChB
         ANeg==
X-Gm-Message-State: AGi0PubCv7iUKbRAbXg5fbGYWX5zaS6PPtEPneh/c7VUSxfgEJIigUUw
        gSV2k1OG7h+ewW7FjXiq67bkBhjaNw2f74obkSLGnw==
X-Received: by 2002:a02:cd03:: with SMTP id g3mr10773598jaq.61.1588812445532;
 Wed, 06 May 2020 17:47:25 -0700 (PDT)
MIME-Version: 1.0
References: <20200420231427.63894-1-zenczykowski@gmail.com>
 <20200506233259.112545-1-zenczykowski@gmail.com> <20200506165517.140d39ac@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
In-Reply-To: <20200506165517.140d39ac@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
From:   =?UTF-8?Q?Maciej_=C5=BBenczykowski?= <zenczykowski@gmail.com>
Date:   Wed, 6 May 2020 17:47:12 -0700
Message-ID: <CANP3RGc4aWPM09SoD3gk1R9f1UL4Ef57LHGiTKMBvYBLotwPGQ@mail.gmail.com>
Subject: Re: [PATCH v2] net: bpf: permit redirect from L3 to L2 devices at
 near max mtu
To:     Jakub Kicinski <kuba@kernel.org>
Cc:     Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Linux Network Development Mailing List 
        <netdev@vger.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        BPF Mailing List <bpf@vger.kernel.org>,
        "David S . Miller" <davem@davemloft.net>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

> I thought we have established that checking device MTU (m*T*u)
> at ingress makes a very limited amount of sense, no?
>
> Shooting from the hip here, but won't something like:
>
>     if (!skb->dev || skb->tc_at_ingress)
>         return SKB_MAX_ALLOC;
>     return skb->dev->mtu + skb->dev->hard_header_len;
>
> Solve your problem?

I believe that probably does indeed solve the ingress case of tc
ingress hook on cellular redirecting to wifi.

However, there's 2 possible uplinks - cellular (rawip, L3), and wifi
(ethernet, L2).
Thus, there's actually 4 things I'm trying to support:

- ipv6 ingress on cellular uplink (L3/rawip), translate to ipv4,
forward to wifi/ethernet <- need to add ethernet header

- ipv6 ingress on wifi uplink (L2/ether), translate to ipv4, forward
to wifi/ethernet <- trivial, no packet size change

- ipv4 egressing through tun (L3), translate to ipv6, forward to
cellular uplink <- trivial, no packet size change

- ipv4 egressing through tun (L3), translate to ipv6, forward to wifi
uplink <- need to add ethernet header [*]

I think your approach doesn't solve the reverse path (* up above):

ie. ipv4 packets hitting a tun device (owned by a clat daemon doing
ipv4<->ipv6 translation in userspace), being stolen by a tc egress
ebpf hook, mutated to ipv6 by ebpf and bpf_redirect'ed to egress
through a wifi ipv6-only uplink.

Though arguably in this case I could probably simply increase the tun
device mtu by another 14, while keeping ipv4 route mtus low...
(tun mtu already has to be 28 bytes lower then wifi mtu to allow
replacement of ipv4 with ipv6 header (20 bytes extra), with possibly
an ipv6 frag header (8 more bytes))

Any further thoughts?