From: Mark McKinstry Subject: Re: [PATCH] vti6: Add pmtu handling to vti6_xmit. Date: Thu, 18 Feb 2016 01:40:00 +0000 Message-ID: <56C520F0.4050309@alliedtelesis.co.nz> References: <20150529182709.2147.78230.stgit@ahduyck-vm-fedora22> <56BA975D.2040706@alliedtelesis.co.nz> <20160217070805.GA316@gauss.secunet.com> Mime-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 8BIT Cc: "linux-crypto@vger.kernel.org" , "alexander.h.duyck@redhat.com" , "herbert@gondor.apana.org.au" , "davem@davemloft.net" To: Steffen Klassert Return-path: Received: from gate2.alliedtelesis.co.nz ([202.36.163.20]:53712 "EHLO gate2.alliedtelesis.co.nz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1423018AbcBRBkI convert rfc822-to-8bit (ORCPT ); Wed, 17 Feb 2016 20:40:08 -0500 Received: from mmarshal3.atlnz.lc (mmarshal3.atlnz.lc [10.32.18.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by gate2.alliedtelesis.co.nz (Postfix) with ESMTPS id 6327380716 for ; Thu, 18 Feb 2016 14:40:02 +1300 (NZDT) In-Reply-To: <20160217070805.GA316@gauss.secunet.com> Content-Language: en-US Content-ID: Sender: linux-crypto-owner@vger.kernel.org List-ID: On 17/02/16 20:08, Steffen Klassert wrote: > On Wed, Feb 10, 2016 at 01:50:20AM +0000, Mark McKinstry wrote: >>> So this version is slightly modified to cover the IPv4 case in addition to >>> the IPv6 case. With this patch I was able to run netperf over either an >>> IPv4 or IPv6 address routed over the ip6_vti tunnel. >> We have the same issue. When we do a local ping to a remote device over >> a v4 vti tunnel and an intermediate device has a low mtu, pmtu >> discovery reduces the route's pmtu, and ping fails because it does not >> handle the local error message generated by xfrm4_tunnel_check_size(). >> Your patch fixes our issue for v6 vti tunnels, but the issue still >> exists for v4 tunnels. Is there any particular reason this patch was >> not delivered for v4 tunnels too - i.e. in vti_xmit()? > I don't remember why we fixed it just for ipv6, we probably need > a similar patch for ipv4. > > Does the patch below help (compile tested only)? > > Subject: [PATCH] vti: Add pmtu handling to vti_xmit. > > We currently rely on the PMTU discovery of xfrm. > However if a packet is localy sent, the PMTU mechanism > of xfrm tries to to local socket notification what > might not work for applications like ping that don't > check for this. So add pmtu handling to vti_xmit to > report MTU changes immediately. > > Signed-off-by: Steffen Klassert > --- > net/ipv4/ip_vti.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c > index 5cf10b7..6862305 100644 > --- a/net/ipv4/ip_vti.c > +++ b/net/ipv4/ip_vti.c > @@ -156,6 +156,7 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev, > struct dst_entry *dst = skb_dst(skb); > struct net_device *tdev; /* Device to other host */ > int err; > + int mtu; > > if (!dst) { > dev->stats.tx_carrier_errors++; > @@ -196,6 +197,18 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev, > skb_dst_set(skb, dst); > skb->dev = skb_dst(skb)->dev; > > + mtu = dst_mtu(dst); > + if (!skb->ignore_df && skb->len > mtu) { > + skb_dst(skb)->ops->update_pmtu(dst, NULL, skb, mtu); > + if (skb->protocol == htons(ETH_P_IP)) > + icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, > + htonl(mtu)); > + else > + icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); > + > + return -EMSGSIZE; > + } > + > err = dst_output(tunnel->net, skb->sk, skb); > if (net_xmit_eval(err) == 0) > err = skb->len; This patch fixes our issue, thanks. In our scenario the tunnel path MTU now gets updated so that subsequent large packets sent over the tunnel get fragmented correctly.