Received: by 2002:a05:6a10:2785:0:0:0:0 with SMTP id ia5csp2250721pxb;
        Mon, 11 Jan 2021 05:11:59 -0800 (PST)
X-Google-Smtp-Source: ABdhPJz6teZ6VT/dA9NUXNwtHZCDMxLDeAOCQMrcGR5hqbcagivVP+fKDTCpiLhWlXfENwO6zWbn
X-Received: by 2002:a05:6402:2207:: with SMTP id cq7mr13999893edb.310.1610370719623;
        Mon, 11 Jan 2021 05:11:59 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1610370719; cv=none;
        d=google.com; s=arc-20160816;
        b=qGAR42JjmKH/RSzzGsGQdTk9z9PXhbf67pM92MBKzIghdbbfwgG1x+CCmEYZWIVu3j
         UTytmFHMVXi4x5X2Cjsrgt3K9bRWuir1slSwBF87bP8jinnFtE9Yupnngb3CRlj3K6+0
         UBADZYJZNodb4ATPrDbOIuBk4JjI5f0JOrMNPQTvhXKIwR1F9Ga59//RUALthT1+IQvD
         VBUU+EdqohAjuJ8ooVqsUf47cWqDj2SOcvOxcnyAbL7Vg+9SViY2C7GH778CW69/Es0P
         44473ag8WbwOtuxdI3dPsTuH0ayrUFhppNiwRFbWKGwvth7owD/YLiF6JvUypri2hoWG
         Swhw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:subject:reply-to:cc:from:to:dkim-signature:date;
        bh=zUY1WTDEiMVW2+TLKz6QzDCMBOZ6h9D50PRiYZRI15E=;
        b=Iyho/LAFiV8FYJZr88S01I21jqHXQ3DDw70Chv9dgZHcL3aqC676K6ifDbz604u77V
         /A0+I7y4mzjUpX2ctGPDeYK0UiPWFyHocSbLTptIHuCMg6P+W8Ex7r8PS3iYWHOz15Qw
         WzS0KGvzwVEti+WRXHMGUWoHUF2g4L2aCAfGGubYsEEuxkerW71z/i66Dg4F6KC4MZv6
         UaYSdzfkbIGiyJ9Pp3jKEUmVqXRL7RqQOB8EUIcCEmOkOHPe9EtQeR5KP4q/4gLHrl0O
         lC40tNqIsgj18RAxrpdQx7pfCGFhSIHXKu/Rj+DUIhvuFFsyUnOVLPrF/SU8IousfZI/
         R+gw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@pm.me header.s=protonmail header.b="cAHC/A9C";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=pm.me
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id l19si6600750eja.479.2021.01.11.05.11.29;
        Mon, 11 Jan 2021 05:11:59 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@pm.me header.s=protonmail header.b="cAHC/A9C";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=pm.me
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726711AbhAKMKq (ORCPT <rfc822;linux.oss.ml@gmail.com>
        + 99 others); Mon, 11 Jan 2021 07:10:46 -0500
Received: from mail2.protonmail.ch ([185.70.40.22]:32262 "EHLO
        mail2.protonmail.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726635AbhAKMKq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 11 Jan 2021 07:10:46 -0500
Date:   Mon, 11 Jan 2021 12:09:48 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pm.me; s=protonmail;
        t=1610366997; bh=zUY1WTDEiMVW2+TLKz6QzDCMBOZ6h9D50PRiYZRI15E=;
        h=Date:To:From:Cc:Reply-To:Subject:From;
        b=cAHC/A9CkwDn9wy1cgwJc5gsJHjgqEyimjEimCKPMLzw7DiGk5avDFOZn1TIrlFuI
         wrVyHm9ygMCIVI6uc5nS6rPFcQ3t/QeJqsSojuiGiEX4Dm9QnifesPm7/9x4B0FUsT
         oPx2fWkf/QJCqkYUlUiKKfzM4Z8OAEg1ZmLL2q4Q+L+OdbLHAcjS4dpDsNSTMAEjL4
         KR7aLkhkxfVvg8ity9wkNWXG4uU61DCKoPV3+T9IoN7RMli3ODHhI4VXPkj0NamG8j
         bd19BMSOq+1Dr+Jol9h6diT19mIDqQ6CGdXfFKLEO0xBpac7Q13SdkSy1xzSyd1gRE
         qFDGdo3P3y0gQ==
To:     Steffen Klassert <steffen.klassert@secunet.com>
From:   Alexander Lobakin <alobakin@pm.me>
Cc:     Alexander Lobakin <alobakin@pm.me>,
        Dongseok Yi <dseok.yi@samsung.com>,
        "'David S. Miller'" <davem@davemloft.net>,
        namkyu78.kim@samsung.com,
        'Alexey Kuznetsov' <kuznet@ms2.inr.ac.ru>,
        'Hideaki YOSHIFUJI' <yoshfuji@linux-ipv6.org>,
        'Jakub Kicinski' <kuba@kernel.org>,
        'Willem de Bruijn' <willemb@google.com>,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Reply-To: Alexander Lobakin <alobakin@pm.me>
Subject: Re: [RFC PATCH net] udp: check sk for UDP GRO fraglist
Message-ID: <20210111120902.2453-1-alobakin@pm.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no
        autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
        mailout.protonmail.ch
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Mon, 11 Jan 2021 09:43:22 +0100

> On Mon, Jan 11, 2021 at 11:02:42AM +0900, Dongseok Yi wrote:
>> On 2021-01-08 22:35, Steffen Klassert wrote:
>>> On Fri, Jan 08, 2021 at 09:52:28PM +0900, Dongseok Yi wrote:
>>>> It is a workaround patch.
>>>>
>>>> UDP/IP header of UDP GROed frag_skbs are not updated even after NAT
>>>> forwarding. Only the header of head_skb from ip_finish_output_gso ->
>>>> skb_gso_segment is updated but following frag_skbs are not updated.
>>>>
>>>> A call path skb_mac_gso_segment -> inet_gso_segment ->
>>>> udp4_ufo_fragment -> __udp_gso_segment -> __udp_gso_segment_list
>>>> does not try to update any UDP/IP header of the segment list.
>>>>
>>>> It might make sense because each skb of frag_skbs is converted to a
>>>> list of regular packets. Header update with checksum calculation may
>>>> be not needed for UDP GROed frag_skbs.
>>>>
>>>> But UDP GRO frag_list is started from udp_gro_receive, we don't know
>>>> whether the skb will be NAT forwarded at that time. For workaround,
>>>> try to get sock always when call udp4_gro_receive -> udp_gro_receive
>>>> to check if the skb is for local.
>>>>
>>>> I'm still not sure if UDP GRO frag_list is really designed for local
>>>> session only. Can kernel support NAT forward for UDP GRO frag_list?
>>>> What am I missing?
>>>
>>> The initial idea when I implemented this was to have a fast
>>> forwarding path for UDP. So forwarding is a usecase, but NAT
>>> is a problem, indeed. A quick fix could be to segment the
>>> skb before it gets NAT forwarded. Alternatively we could
>>> check for a header change in __udp_gso_segment_list and
>>> update the header of the frag_skbs accordingly in that case.
>>
>> Thank you for explaining.
>> Can I think of it as a known issue?
>
> No, it was not known before you reported it.
>
>> I think we should have a fix
>> because NAT can be triggered by user. Can I check the current status?
>> Already planning a patch or a new patch should be written?
>
> We have to do a new patch to fix that issue. If you want do
> do so, go ahead.

This patch is incorrect. I do NAT UDP GRO Fraglists via nftables
(both with and without flow offload) with no issues since March'20.
Packet loss rates are always +/- 0, so I can say it works properly.
I can share any details / dump any runtime data if needed.

Thanks,
Al