Hi, On Sun, Aug 21, 2016, at 10:22, Shmulik Ladkani wrote: > In b8247f095e, > > "net: ip_finish_output_gso: If skb_gso_network_seglen exceeds MTU, > allow segmentation for local udp tunneled skbs" > > gso skbs arriving from an ingress interface that go through UDP > tunneling, are allowed to be fragmented if the resulting encapulated > segments exceed the dst mtu of the egress interface. > > This aligned the behavior of gso skbs to non-gso skbs going through udp > encapsulation path. > > However the non-gso vs gso anomaly is present also in the following > cases of a GRE tunnel: > - ip_gre in collect_md mode, where TUNNEL_DONT_FRAGMENT is not set > (e.g. OvS vport-gre with df_default=false) > - ip_gre in nopmtudisc mode, where IFLA_GRE_IGNORE_DF is set > > In both of the above cases, the non-gso skbs get fragmented, whereas the > gso skbs (having skb_gso_network_seglen that exceeds dst mtu) get > dropped, > as they don't go through the segment+fragment code path. > > Fix: Setting IPSKB_FRAG_SEGS if the tunnel specified IP_DF bit is NOT > set. > > Tunnels that do set IP_DF, will not go to fragmentation of segments. > This preserves behavior of ip_gre in (the default) pmtudisc mode. > > Fixes: b8247f095e ("net: ip_finish_output_gso: If skb_gso_network_seglen > exceeds MTU, allow segmentation for local udp tunneled skbs") > Reported-by: wenxu <we...@ucloud.cn> > Cc: Hannes Frederic Sowa <han...@stressinduktion.org> > Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Acked-by: Hannes Frederic Sowa <han...@stressinduktion.org> Your dissecting of the current state of fragmentation handling also looked fine. I wonder if it would now make sense to add a sysctl to add back the dropping of packets in case they can't be fragmented by a bridge, as we made sure that the defaults don't break for anyone. Thanks, Hannes