Received: by 2002:a25:23cc:0:0:0:0:0 with SMTP id j195csp370211ybj; Wed, 6 May 2020 20:23:42 -0700 (PDT) X-Google-Smtp-Source: APiQypL5VYrjlMe45Irkxw8hHCWmNUjn5L1cN9N48zq+n23ReKLNnIbYiNrLJNtOsssBQk8wGICI X-Received: by 2002:a17:906:d968:: with SMTP id rp8mr9808474ejb.305.1588821821874; Wed, 06 May 2020 20:23:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588821821; cv=none; d=google.com; s=arc-20160816; b=AHK4Y38qTjtZl/B+WUcvXbBbpPpj59OMUqyGfniTYB61ozSmx1J8+p8OGlr/BdeeUN yeGFfDS284mPj1hiNYhJ08B8gpbZQImtlt7o9/JSbsuqhbxXVOvwL6/IoCLUk72QzqBi FcLzWons1w/orqXwwHSA79IkC+asDkZ6WdzhjLjUq7kjXfqhkCMRI5myw0CE4ByvRj0C BQv7Vqu+uJLG/p7yYy8QpVPyjmf5VXagRVSu9Yhn6tCED6nVzOFm7MvtO0pThtPtbrEV ZW+m4P7F2p4Espzx4I65I/Kr5Hvj7GdTxhll42IVZCudI7CTQ2Oe1cOLu7PKSoOhHbNN ciIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=FNrrgpXLdDHrj1thWxoSeNd2fD9oKYEd+ucgYMP04/Y=; b=YGznCbLNZVEtY9BP1zcvK/1tsPDvWp3v2rHu4qRU7ZNnJNGeN99oOnKGAdXCUs9Ct8 fkCkiLQoqzinsCfD+SrBmxOz8/nnFHR1jn0WfOu19jD6/O1RfP9S8MI1WhicPkGvKagA oyN1lUSmUsdXVf5AMuvicbOKKYpzkB2+f4qCHYWlaimyg8Bc9VciF7jz2K0crgFyPkFa ceMj6hCg5q9Hj+vU/3w+Ujz5BFLb4mnHxfsLl3luprI2Xo4RM5OP0sGfXPmwZrzLqI7r ObA6Q8RVAYf0CzsvgW/EXLG+kgp3iS8MavXspZh0iv3zaGDERwU1ulEkDwb23YJOQ/2q DB6A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=tBBfEf8P; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dd21si2542473ejb.261.2020.05.06.20.23.19; Wed, 06 May 2020 20:23:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=tBBfEf8P; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727944AbgEGCdM (ORCPT + 99 others); Wed, 6 May 2020 22:33:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50414 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1725985AbgEGCdM (ORCPT ); Wed, 6 May 2020 22:33:12 -0400 Received: from mail-io1-xd44.google.com (mail-io1-xd44.google.com [IPv6:2607:f8b0:4864:20::d44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0E444C061A10 for ; Wed, 6 May 2020 19:33:12 -0700 (PDT) Received: by mail-io1-xd44.google.com with SMTP id c2so4499344iow.7 for ; Wed, 06 May 2020 19:33:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=FNrrgpXLdDHrj1thWxoSeNd2fD9oKYEd+ucgYMP04/Y=; b=tBBfEf8PZmPOqtdlPjQNKfDCZFyH+h04nuYmOixmtTqLQJJaR5oopZgER17zKRsVsj NKmidG8aVOEOikMKilqribSFyxkQ22sEoigLiluoMc1qrRRd6LQcL5owRm5NxaK83PGv jMQYNUcjmhOqoN3M5Eadan/FjxiMulxeQtdI/oyaIHkbVowb9gm8WGV1Iu6Q7goLFbI2 cEemYEjXPktlWAC8x5HX2bcDgwDyvLQamhbqPh8KZ3SVnx6bX6Q93o5gILG2fjVLSpsh 0CRIway791gc4GPOtEYvXAevHY8x/jKUt21nv24qUCB7oa7y87q0fmcRpjG8VLBOmNop /l7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=FNrrgpXLdDHrj1thWxoSeNd2fD9oKYEd+ucgYMP04/Y=; b=RkYtKSQp2sGU6BYI9aA8fTVCKK97STB6pVOyPWRfEg4dZzfCrJjuzkFNfQyCK2THcH 9m3mZrmPk9GWoGyeJMoz2gcOVkRUxnMwjJ9Gs036yxTj4emM9cOB1Yf4oNWhfPzzwWle 4hWhVjH7JCcGAzU/lNYfBrQdfIrUKMK+xTOhliU2NafbjHnf1vUFkH8NKcXTGEdM/+4k dygGUg5k86gbfaYMhOhPqzt491fFAPGrTMg81ThVc5pS0cXASiVFXY7pqZT2huNQB6Ma yzXfdOfk+uJf7TSMKXIHp3N9YMdQe2awAQGxTPGAauolco7nlvlDjzOuz6CyP9/8fnb0 Dlfg== X-Gm-Message-State: AGi0PubScD3Up9fWgCJp2vR5bMuS/LW86sdJZnMDy2BSIp5CA5qkTpJD BcaX0oYmGrsbgAIt5eW7woTmJgM03fyiYQ6pO1kBXw== X-Received: by 2002:a6b:bc85:: with SMTP id m127mr11321556iof.89.1588818790998; Wed, 06 May 2020 19:33:10 -0700 (PDT) MIME-Version: 1.0 References: <20200420231427.63894-1-zenczykowski@gmail.com> <20200506233259.112545-1-zenczykowski@gmail.com> <20200506165517.140d39ac@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com> In-Reply-To: From: =?UTF-8?Q?Maciej_=C5=BBenczykowski?= Date: Wed, 6 May 2020 19:32:59 -0700 Message-ID: Subject: Re: [PATCH v2] net: bpf: permit redirect from L3 to L2 devices at near max mtu To: Jakub Kicinski Cc: Alexei Starovoitov , Daniel Borkmann , Linux Network Development Mailing List , Linux Kernel Mailing List , BPF Mailing List , "David S . Miller" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > > I thought we have established that checking device MTU (m*T*u) > > at ingress makes a very limited amount of sense, no? > > > > Shooting from the hip here, but won't something like: > > > > if (!skb->dev || skb->tc_at_ingress) > > return SKB_MAX_ALLOC; > > return skb->dev->mtu + skb->dev->hard_header_len; > > > > Solve your problem? > > I believe that probably does indeed solve the ingress case of tc > ingress hook on cellular redirecting to wifi. > > However, there's 2 possible uplinks - cellular (rawip, L3), and wifi > (ethernet, L2). > Thus, there's actually 4 things I'm trying to support: > > - ipv6 ingress on cellular uplink (L3/rawip), translate to ipv4, > forward to wifi/ethernet <- need to add ethernet header > > - ipv6 ingress on wifi uplink (L2/ether), translate to ipv4, forward > to wifi/ethernet <- trivial, no packet size change > > - ipv4 egressing through tun (L3), translate to ipv6, forward to > cellular uplink <- trivial, no packet size change > > - ipv4 egressing through tun (L3), translate to ipv6, forward to wifi > uplink <- need to add ethernet header [*] > > I think your approach doesn't solve the reverse path (* up above): > > ie. ipv4 packets hitting a tun device (owned by a clat daemon doing > ipv4<->ipv6 translation in userspace), being stolen by a tc egress > ebpf hook, mutated to ipv6 by ebpf and bpf_redirect'ed to egress > through a wifi ipv6-only uplink. > > Though arguably in this case I could probably simply increase the tun > device mtu by another 14, while keeping ipv4 route mtus low... > (tun mtu already has to be 28 bytes lower then wifi mtu to allow > replacement of ipv4 with ipv6 header (20 bytes extra), with possibly > an ipv6 frag header (8 more bytes)) > > Any further thoughts? Thinking about this some more, that seems to solve the immediate need (case 1 above), and I can work around case 4 with tun mtu bumps. And maybe the real correct fix would be to simply pass in the desired path mtu to these 3 functions via 16-bits of the flags argument.