From patchwork Wed Oct 26 09:21:14 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 686946 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3t3kzf6kqfz9t0J for ; Wed, 26 Oct 2016 20:21:34 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757517AbcJZJV1 (ORCPT ); Wed, 26 Oct 2016 05:21:27 -0400 Received: from mail-wm0-f43.google.com ([74.125.82.43]:37292 "EHLO mail-wm0-f43.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757307AbcJZJVZ (ORCPT ); Wed, 26 Oct 2016 05:21:25 -0400 Received: by mail-wm0-f43.google.com with SMTP id 140so9789466wmv.0 for ; Wed, 26 Oct 2016 02:21:24 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=T2uv88wRs1/0RSkUeaQrxb2iIllifm3aZ8gcVdelwu4=; b=KTLGI8V2Mk8bLosN/f45bUiPl3NLzMBoZy8ij897tMkNqeoA0RCN3cg1O09KrUdHeD h3Bu5dfH2Ya17rrMMfVNEXHAMH0VyAJjdewNmnPbk6P3yFXAYXUVE8pUPcu5GyTiQLm7 Hk2K/r4/DqM0ZAuQhyluHrXea9WpFes/Qs/85I458A+olCXGaZxbFrqO84KxlxBJT2IX LrX8vQ2kBjNY9r9WIm7z2ZGBBk0Mxwk0YevqVHWT0E5QiFO0hzEgJtbZyce0ZV9YhvjT ocBuHyxdbOsFOzp0H4z8yu1HxJfQaVNzua2q09LfhhrqSZUYNR9khGlq+PkYbZ5QkwtG Ku7w== X-Gm-Message-State: ABUngvdmQHogkgeKnd3oPXs7gVcV83nN7i1AfvDS3Fb7RFEkrJu9Zz/bsQHseZ9FgBH7PiG5 X-Received: by 10.28.156.10 with SMTP id f10mr7872097wme.57.1477473676375; Wed, 26 Oct 2016 02:21:16 -0700 (PDT) Received: from redhat.com ([149.6.38.86]) by smtp.gmail.com with ESMTPSA id pe5sm1493390wjb.15.2016.10.26.02.21.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 26 Oct 2016 02:21:15 -0700 (PDT) From: Jakub Sitnicki To: netdev@vger.kernel.org Cc: David Miller , Hannes Frederic Sowa , Florian Westphal Subject: [PATCH net] ipv6: Don't use ufo handling on later transformed packets Date: Wed, 26 Oct 2016 11:21:14 +0200 Message-Id: <1477473674-21702-1-git-send-email-jkbs@redhat.com> X-Mailer: git-send-email 2.7.4 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Similar to commit c146066ab802 ("ipv4: Don't use ufo handling on later transformed packets"), don't perform UFO on packets that will be IPsec transformed. To detect it we rely on the fact that headerlen in dst_entry is non-zero only for transformation bundles (xfrm_dst objects). Unwanted segmentation can be observed with a NETIF_F_UFO capable device, such as a dummy device: DEV=dum0 LEN=1493 ip li add $DEV type dummy ip addr add fc00::1/64 dev $DEV nodad ip link set $DEV up ip xfrm policy add dir out src fc00::1 dst fc00::2 \ tmpl src fc00::1 dst fc00::2 proto esp spi 1 ip xfrm state add src fc00::1 dst fc00::2 \ proto esp spi 1 enc 'aes' 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b tcpdump -n -nn -i $DEV -t & socat /dev/zero,readbytes=$LEN udp6:[fc00::2]:$LEN tcpdump output before: IP6 fc00::1 > fc00::2: frag (0|1448) ESP(spi=0x00000001,seq=0x1), length 1448 IP6 fc00::1 > fc00::2: frag (1448|48) IP6 fc00::1 > fc00::2: ESP(spi=0x00000001,seq=0x2), length 88 ... and after: IP6 fc00::1 > fc00::2: frag (0|1448) ESP(spi=0x00000001,seq=0x1), length 1448 IP6 fc00::1 > fc00::2: frag (1448|80) Fixes: e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") Signed-off-by: Jakub Sitnicki Acked-by: Hannes Frederic Sowa --- net/ipv6/ip6_output.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 6001e78..59eb4ed 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1366,7 +1366,7 @@ static int __ip6_append_data(struct sock *sk, if (((length > mtu) || (skb && skb_is_gso(skb))) && (sk->sk_protocol == IPPROTO_UDP) && - (rt->dst.dev->features & NETIF_F_UFO) && + (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len && (sk->sk_type == SOCK_DGRAM) && !udp_get_no_check6_tx(sk)) { err = ip6_ufo_append_data(sk, queue, getfrag, from, length, hh_len, fragheaderlen, exthdrlen,