From: Tobias Brunner <tobias@strongswan•org>
To: Florian Westphal <fw@strlen•de>
Cc: netdev@vger•kernel.org, "David S. Miller" <davem@davemloft•net>,
Herbert Xu <herbert@gondor•apana.org.au>,
Marcelo Ricardo Leitner <mleitner@redhat•com>
Subject: Problems with fragments since gso skb forwarding changes in virtual environment
Date: Mon, 07 Apr 2014 18:04:42 +0200 [thread overview]
Message-ID: <5342CC9A.6040800@strongswan.org> (raw)
Hi Florian et al,
We noticed a problem with fragmented packets in the KVM/libvirt-based
strongSwan integration test environment [1] with guest kernels that
include the following commit:
net: ip, ipv6: handle gso skbs in forwarding path
fe6cc55f3a9a053482a76f5a6b2257cee51b4663
The network topology in test scenarios that trigger the problem is as
follows:
Host A - br1 - Router R - br2 - Host B
Where the two hosts and the router are virtual guests connected via
bridges all created via libvirt (see [2] for the XML config files). The
guest's network interfaces all use virtio.
If the router runs with a kernel that includes the commit above, packets
sent from A to B that exceed the MTU (1500 in this case) will be split
into fragments when leaving R. These fragment skbs get defragmented by
the host kernel's nf_defrag_ipv4 module while being forwarded on br2.
This poses a problem. Because the fragment skbs are not GSO, neither is
the defragmented skb. Hence the packets are dropped just before leaving
the bridge, as is_skb_forwardable() will return false unless a too large
skb is actually GSO (this is the same for older host kernels, where the
check is directly done in br_forward.c).
Without the commit, and between A and R even with it (because it only
affects forwarding), the skbs are GSO throughout and transmitted from A
to B without ever actually being fragmented.
Any ideas how to fix this properly? That is, without just reverting
parts of your commit for our guest kernels.
Regards,
Tobias
[1] http://wiki.strongswan.org/projects/strongswan/wiki/TestingEnvironment
[2] http://git.strongswan.org/?p=strongswan.git;a=tree;f=testing/config/kvm
next reply other threads:[~2014-04-07 16:13 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-07 16:04 Tobias Brunner [this message]
2014-04-07 23:46 ` Problems with fragments since gso skb forwarding changes in virtual environment Florian Westphal
2014-04-08 0:05 ` David Miller
2014-04-08 0:26 ` Florian Westphal
2014-04-08 12:24 ` Tobias Brunner
2014-04-08 14:33 ` Florian Westphal
2014-04-08 15:36 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5342CC9A.6040800@strongswan.org \
--to=tobias@strongswan$(echo .)org \
--cc=davem@davemloft$(echo .)net \
--cc=fw@strlen$(echo .)de \
--cc=herbert@gondor$(echo .)apana.org.au \
--cc=mleitner@redhat$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox