diff mbox series

[net] openvswitch: fix drop over mtu packet after defrag in act_ct

Message ID 1595300992-18381-1-git-send-email-wenxu@ucloud.cn
State Superseded
Delegated to: David Miller
Headers show
Series [net] openvswitch: fix drop over mtu packet after defrag in act_ct | expand

Commit Message

wenxu July 21, 2020, 3:09 a.m. UTC 
From: wenxu <wenxu@ucloud.cn>

When openvswitch conntrack offload with act_ct action. Fragment packets
defrag in the ingress tc act_ct action and miss the next chain. Then the
packet pass to the openvswitch datapath without the mru. The defrag over
mtu packet will be dropped in output of openvswitch for over mtu.

"kernel: net2: dropped over-mtu packet: 1508 > 1500"

Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct")
Signed-off-by: wenxu <wenxu@ucloud.cn>
---
 include/linux/skbuff.h    | 1 +
 include/net/sch_generic.h | 1 +
 net/openvswitch/flow.c    | 1 +
 net/sched/act_ct.c        | 8 ++++++--
 net/sched/cls_api.c       | 1 +
 5 files changed, 10 insertions(+), 2 deletions(-)

Comments

David Miller July 23, 2020, 12:15 a.m. UTC | #1 
From: wenxu@ucloud.cn
Date: Tue, 21 Jul 2020 11:09:52 +0800

> From: wenxu <wenxu@ucloud.cn>
> 
> When openvswitch conntrack offload with act_ct action. Fragment packets
> defrag in the ingress tc act_ct action and miss the next chain. Then the
> packet pass to the openvswitch datapath without the mru. The defrag over
> mtu packet will be dropped in output of openvswitch for over mtu.
> 
> "kernel: net2: dropped over-mtu packet: 1508 > 1500"
> 
> Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct")
> Signed-off-by: wenxu <wenxu@ucloud.cn>

Just FYI, I'm not applying this without some review.
wenxu July 23, 2020, 2:35 a.m. UTC | #2 
Hi paulb & Pravin,


Could you review for this patch> Thanks.


BR

wenxu

On 7/21/2020 11:09 AM, wenxu@ucloud.cn wrote:
> From: wenxu <wenxu@ucloud.cn>
>
> When openvswitch conntrack offload with act_ct action. Fragment packets
> defrag in the ingress tc act_ct action and miss the next chain. Then the
> packet pass to the openvswitch datapath without the mru. The defrag over
> mtu packet will be dropped in output of openvswitch for over mtu.
>
> "kernel: net2: dropped over-mtu packet: 1508 > 1500"
>
> Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct")
> Signed-off-by: wenxu <wenxu@ucloud.cn>
> ---
>  include/linux/skbuff.h    | 1 +
>  include/net/sch_generic.h | 1 +
>  net/openvswitch/flow.c    | 1 +
>  net/sched/act_ct.c        | 8 ++++++--
>  net/sched/cls_api.c       | 1 +
>  5 files changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
> index 0c0377f..0d842d6 100644
> --- a/include/linux/skbuff.h
> +++ b/include/linux/skbuff.h
> @@ -283,6 +283,7 @@ struct nf_bridge_info {
>   */
>  struct tc_skb_ext {
>  	__u32 chain;
> +	__u16 mru;
>  };
>  #endif
>  
> diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h
> index c510b03..45401d5 100644
> --- a/include/net/sch_generic.h
> +++ b/include/net/sch_generic.h
> @@ -384,6 +384,7 @@ struct qdisc_skb_cb {
>  	};
>  #define QDISC_CB_PRIV_LEN 20
>  	unsigned char		data[QDISC_CB_PRIV_LEN];
> +	u16			mru;
>  };
>  
>  typedef void tcf_chain_head_change_t(struct tcf_proto *tp_head, void *priv);
> diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c
> index 9d375e7..03942c3 100644
> --- a/net/openvswitch/flow.c
> +++ b/net/openvswitch/flow.c
> @@ -890,6 +890,7 @@ int ovs_flow_key_extract(const struct ip_tunnel_info *tun_info,
>  	if (static_branch_unlikely(&tc_recirc_sharing_support)) {
>  		tc_ext = skb_ext_find(skb, TC_SKB_EXT);
>  		key->recirc_id = tc_ext ? tc_ext->chain : 0;
> +		OVS_CB(skb)->mru = tc_ext ? tc_ext->mru : 0;
>  	} else {
>  		key->recirc_id = 0;
>  	}
> diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
> index 5928efb..69445ab 100644
> --- a/net/sched/act_ct.c
> +++ b/net/sched/act_ct.c
> @@ -706,8 +706,10 @@ static int tcf_ct_handle_fragments(struct net *net, struct sk_buff *skb,
>  		if (err && err != -EINPROGRESS)
>  			goto out_free;
>  
> -		if (!err)
> +		if (!err) {
>  			*defrag = true;
> +			cb.mru = IPCB(skb)->frag_max_size;
> +		}
>  	} else { /* NFPROTO_IPV6 */
>  #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
>  		enum ip6_defrag_users user = IP6_DEFRAG_CONNTRACK_IN + zone;
> @@ -717,8 +719,10 @@ static int tcf_ct_handle_fragments(struct net *net, struct sk_buff *skb,
>  		if (err && err != -EINPROGRESS)
>  			goto out_free;
>  
> -		if (!err)
> +		if (!err) {
>  			*defrag = true;
> +			cb.mru = IP6CB(skb)->frag_max_size;
> +		}
>  #else
>  		err = -EOPNOTSUPP;
>  		goto out_free;
> diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
> index e62beec..a4d9eaa 100644
> --- a/net/sched/cls_api.c
> +++ b/net/sched/cls_api.c
> @@ -1628,6 +1628,7 @@ int tcf_classify_ingress(struct sk_buff *skb,
>  		if (WARN_ON_ONCE(!ext))
>  			return TC_ACT_SHOT;
>  		ext->chain = last_executed_chain;
> +		ext->mru = qdisc_skb_cb(skb)->mru;
>  	}
>  
>  	return ret;
David Miller July 29, 2020, 12:03 a.m. UTC | #3 
From: wenxu@ucloud.cn
Date: Tue, 21 Jul 2020 11:09:52 +0800

> From: wenxu <wenxu@ucloud.cn>
> 
> When openvswitch conntrack offload with act_ct action. Fragment packets
> defrag in the ingress tc act_ct action and miss the next chain. Then the
> packet pass to the openvswitch datapath without the mru. The defrag over
> mtu packet will be dropped in output of openvswitch for over mtu.
> 
> "kernel: net2: dropped over-mtu packet: 1508 > 1500"
> 
> Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct")
> Signed-off-by: wenxu <wenxu@ucloud.cn>

After an entire week, nobody has reviewed this patch.

Therefore I am dropping it from my patchwork queue.
diff mbox series

Patch

diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 0c0377f..0d842d6 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -283,6 +283,7 @@  struct nf_bridge_info {
  */
 struct tc_skb_ext {
 	__u32 chain;
+	__u16 mru;
 };
 #endif
 
diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h
index c510b03..45401d5 100644
--- a/include/net/sch_generic.h
+++ b/include/net/sch_generic.h
@@ -384,6 +384,7 @@  struct qdisc_skb_cb {
 	};
 #define QDISC_CB_PRIV_LEN 20
 	unsigned char		data[QDISC_CB_PRIV_LEN];
+	u16			mru;
 };
 
 typedef void tcf_chain_head_change_t(struct tcf_proto *tp_head, void *priv);
diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c
index 9d375e7..03942c3 100644
--- a/net/openvswitch/flow.c
+++ b/net/openvswitch/flow.c
@@ -890,6 +890,7 @@  int ovs_flow_key_extract(const struct ip_tunnel_info *tun_info,
 	if (static_branch_unlikely(&tc_recirc_sharing_support)) {
 		tc_ext = skb_ext_find(skb, TC_SKB_EXT);
 		key->recirc_id = tc_ext ? tc_ext->chain : 0;
+		OVS_CB(skb)->mru = tc_ext ? tc_ext->mru : 0;
 	} else {
 		key->recirc_id = 0;
 	}
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index 5928efb..69445ab 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -706,8 +706,10 @@  static int tcf_ct_handle_fragments(struct net *net, struct sk_buff *skb,
 		if (err && err != -EINPROGRESS)
 			goto out_free;
 
-		if (!err)
+		if (!err) {
 			*defrag = true;
+			cb.mru = IPCB(skb)->frag_max_size;
+		}
 	} else { /* NFPROTO_IPV6 */
 #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
 		enum ip6_defrag_users user = IP6_DEFRAG_CONNTRACK_IN + zone;
@@ -717,8 +719,10 @@  static int tcf_ct_handle_fragments(struct net *net, struct sk_buff *skb,
 		if (err && err != -EINPROGRESS)
 			goto out_free;
 
-		if (!err)
+		if (!err) {
 			*defrag = true;
+			cb.mru = IP6CB(skb)->frag_max_size;
+		}
 #else
 		err = -EOPNOTSUPP;
 		goto out_free;
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index e62beec..a4d9eaa 100644
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -1628,6 +1628,7 @@  int tcf_classify_ingress(struct sk_buff *skb,
 		if (WARN_ON_ONCE(!ext))
 			return TC_ACT_SHOT;
 		ext->chain = last_executed_chain;
+		ext->mru = qdisc_skb_cb(skb)->mru;
 	}
 
 	return ret;