from upstream PR#242
Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
---
patches/0006-cherry-pick-pmtud-fixes.patch | 256 +++++++++++++++++++++
patches/series | 1 +
2 files changed, 257 insertions(+)
create mode 100644 patches/0006-cherry-pick-pmtud-fixes.patch
diff --git a/patches/0006-cherry-pick-pmtud-fixes.patch
b/patches/0006-cherry-pick-pmtud-fixes.patch
new file mode 100644
index 0000000..9653db7
--- /dev/null
+++ b/patches/0006-cherry-pick-pmtud-fixes.patch
@@ -0,0 +1,256 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbich...@proxmox.com>
+Date: Fri, 2 Aug 2019 10:52:32 +0200
+Subject: [PATCH kronosnet] cherry-pick pmtud fixes
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+from upstream PR#242.
+
+Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
+---
+ ...ation-when-using-crypto-and-add-docs.patch | 100 ++++++++++++++++++
+ .../patches/crypto-fix-log-information.patch | 32 ++++++
+ .../patches/docs-add-knet-packet-layout.patch | 43 ++++++++
+ ...nformation-about-detected-kernel-MTU.patch | 22 ++++
+ debian/patches/series | 4 +
+ 5 files changed, 201 insertions(+)
+ create mode 100644
debian/patches/PMTUd-fix-MTU-calculation-when-using-crypto-and-add-docs.patch
+ create mode 100644 debian/patches/crypto-fix-log-information.patch
+ create mode 100644 debian/patches/docs-add-knet-packet-layout.patch
+ create mode 100644
debian/patches/udp-log-information-about-detected-kernel-MTU.patch
+
+diff --git
a/debian/patches/PMTUd-fix-MTU-calculation-when-using-crypto-and-add-docs.patch
b/debian/patches/PMTUd-fix-MTU-calculation-when-using-crypto-and-add-docs.patch
+new file mode 100644
+index 0000000..2e55471
+--- /dev/null
++++
b/debian/patches/PMTUd-fix-MTU-calculation-when-using-crypto-and-add-docs.patch
+@@ -0,0 +1,100 @@
++From: "Fabio M. Di Nitto" <fdini...@redhat.com>
++Date: Fri, 2 Aug 2019 10:44:23 +0200
++Subject: [PMTUd] fix MTU calculation when using crypto and add docs
++
++Signed-off-by: Fabio M. Di Nitto <fdini...@redhat.com>
++(cherry picked from commit 06709869d55061d9e402928f63b8ea062dd19dfd)
++---
++ libknet/threads_pmtud.c | 55
+++++++++++++++++++++++++++++++++++++++++++------
++ 1 file changed, 49 insertions(+), 6 deletions(-)
++
++diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c
++index 2cd48f9..1a19806 100644
++--- a/libknet/threads_pmtud.c
+++++ b/libknet/threads_pmtud.c
++@@ -113,29 +113,68 @@ restart:
++ * knet_h->sec_hash_size is >= 0 if signing is enabled
++ */
++
+++ /*
+++ * common to all packets
+++ */
++ data_len = onwire_len - overhead_len;
++
++ if (knet_h->crypto_instance) {
++
+++realign:
++ if (knet_h->sec_block_size) {
+++
+++ /*
+++ * drop both salt and hash, that leaves only the crypto
data and padding
+++ * we need to calculate the padding based on the real
encrypted data.
+++ */
+++ data_len = data_len - (knet_h->sec_salt_size +
knet_h->sec_hash_size);
+++
+++ /*
+++ * if the crypto mechanism requires padding, calculate
the padding
+++ * and add it back to data_len because that's what the
crypto layer
+++ * would do.
+++ */
++ pad_len = knet_h->sec_block_size - (data_len %
knet_h->sec_block_size);
+++
+++ /*
+++ * if are at the boundary, reset padding
+++ */
++ if (pad_len == knet_h->sec_block_size) {
++ pad_len = 0;
++ }
++ data_len = data_len + pad_len;
++- }
++
++- data_len = data_len + (knet_h->sec_hash_size +
knet_h->sec_salt_size + knet_h->sec_block_size);
++-
++- if (knet_h->sec_block_size) {
+++ /*
+++ * if our current data_len is higher than max_mtu_len
+++ * then we need to reduce by padding size (that is our
+++ * increment / decrement value)
+++ *
+++ * this generally happens only on the first PMTUd run
+++ */
++ while (data_len + overhead_len >= max_mtu_len) {
++ data_len = data_len - knet_h->sec_block_size;
++ }
+++
+++ /*
+++ * add both hash and salt size back, similar to padding
above,
+++ * the crypto layer will add them to the data_len
+++ */
+++ data_len = data_len + (knet_h->sec_salt_size +
knet_h->sec_hash_size);
++ }
++
++ if (dst_link->last_bad_mtu) {
++- while (data_len + overhead_len >=
dst_link->last_bad_mtu) {
++- data_len = data_len - (knet_h->sec_hash_size +
knet_h->sec_salt_size + knet_h->sec_block_size);
+++ if (data_len + overhead_len >= dst_link->last_bad_mtu) {
+++ /*
+++ * reduce data_len to something lower than
last_bad_mtu, overhead_len
+++ * and sec_block_size (decrementing step) - 1
(granularity)
+++ */
+++ data_len = dst_link->last_bad_mtu -
overhead_len - knet_h->sec_block_size - 1;
+++ if (knet_h->sec_block_size) {
+++ /*
+++ * make sure that data_len is aligned
to the sec_block_size boundary
+++ */
+++ goto realign;
+++ }
++ }
++ }
++
++@@ -144,6 +183,10 @@ restart:
++ return -1;
++ }
++
+++ /*
+++ * recalculate onwire_len based on crypto information
+++ * and place it in the PMTUd packet info
+++ */
++ onwire_len = data_len + overhead_len;
++ knet_h->pmtudbuf->khp_pmtud_size = onwire_len;
++
+diff --git a/debian/patches/crypto-fix-log-information.patch
b/debian/patches/crypto-fix-log-information.patch
+new file mode 100644
+index 0000000..8823888
+--- /dev/null
++++ b/debian/patches/crypto-fix-log-information.patch
+@@ -0,0 +1,32 @@
++From: "Fabio M. Di Nitto" <fdini...@redhat.com>
++Date: Tue, 30 Jul 2019 11:18:33 +0200
++Subject: [crypto] fix log information
++
++Signed-off-by: Fabio M. Di Nitto <fdini...@redhat.com>
++(cherry picked from commit b54f80dcf14fc962fdf304d41be0b1001de716e7)
++---
++ libknet/crypto.c | 4 ++--
++ 1 file changed, 2 insertions(+), 2 deletions(-)
++
++diff --git a/libknet/crypto.c b/libknet/crypto.c
++index 9f05fba..9d6757b 100644
++--- a/libknet/crypto.c
+++++ b/libknet/crypto.c
++@@ -151,8 +151,6 @@ int crypto_init(
++ goto out;
++ }
++
++- log_debug(knet_h, KNET_SUB_CRYPTO, "security network overhead: %zu",
knet_h->sec_header_size);
++-
++ out:
++ if (!err) {
++ knet_h->crypto_instance = new;
++@@ -161,6 +159,8 @@ out:
++ knet_h->sec_hash_size = new->sec_hash_size;
++ knet_h->sec_salt_size = new->sec_salt_size;
++
+++ log_debug(knet_h, KNET_SUB_CRYPTO, "security network overhead:
%zu", knet_h->sec_header_size);
+++
++ if (current) {
++ if (crypto_modules_cmds[current->model].ops->fini !=
NULL) {
++
crypto_modules_cmds[current->model].ops->fini(knet_h, current);
+diff --git a/debian/patches/docs-add-knet-packet-layout.patch
b/debian/patches/docs-add-knet-packet-layout.patch
+new file mode 100644
+index 0000000..5a3ec84
+--- /dev/null
++++ b/debian/patches/docs-add-knet-packet-layout.patch
+@@ -0,0 +1,43 @@
++From: "Fabio M. Di Nitto" <fdini...@redhat.com>
++Date: Fri, 2 Aug 2019 10:43:09 +0200
++Subject: [docs] add knet packet layout
++
++Signed-off-by: Fabio M. Di Nitto <fdini...@redhat.com>
++(cherry picked from commit 5608714c6951afdad02e13a6468fc1df020b4de4)
++---
++ libknet/threads_pmtud.c | 22 ++++++++++++++++++++++
++ 1 file changed, 22 insertions(+)
++
++diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c
++index 603f595..2cd48f9 100644
++--- a/libknet/threads_pmtud.c
+++++ b/libknet/threads_pmtud.c
++@@ -91,6 +91,28 @@ restart:
++ failsafe++;
++ }
++
+++ /*
+++ * unencrypted packet looks like:
+++ *
+++ * | ip | protocol | knet_header | unencrypted data
|
+++ * | onwire_len
|
+++ * | overhead_len |
+++ * | data_len
|
+++ * | app MTU
|
+++ *
+++ * encrypted packet looks like (not to scale):
+++ *
+++ * | ip | protocol | salt | crypto(knet_header | data) |
crypto_data_pad | hash |
+++ * | onwire_len
|
+++ * | overhead_len |
+++ * | data_len
|
+++ * | app MTU |
+++ *
+++ * knet_h->sec_block_size is >= 0 if encryption will pad the data
+++ * knet_h->sec_salt_size is >= 0 if encryption is enabled
+++ * knet_h->sec_hash_size is >= 0 if signing is enabled
+++ */
+++
++ data_len = onwire_len - overhead_len;
++
++ if (knet_h->crypto_instance) {
+diff --git
a/debian/patches/udp-log-information-about-detected-kernel-MTU.patch
b/debian/patches/udp-log-information-about-detected-kernel-MTU.patch
+new file mode 100644
+index 0000000..a28d3ad
+--- /dev/null
++++ b/debian/patches/udp-log-information-about-detected-kernel-MTU.patch
+@@ -0,0 +1,22 @@
++From: "Fabio M. Di Nitto" <fdini...@redhat.com>
++Date: Wed, 31 Jul 2019 14:15:07 +0200
++Subject: [udp] log information about detected kernel MTU
++
++Signed-off-by: Fabio M. Di Nitto <fdini...@redhat.com>
++(cherry picked from commit 84aed4bba304f40feb32a5c09885350756ab2d1d)
++---
++ libknet/transport_udp.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c
++index 53d2ba0..be990bb 100644
++--- a/libknet/transport_udp.c
+++++ b/libknet/transport_udp.c
++@@ -337,6 +337,7 @@ static int read_errs_from_sock(knet_handle_t knet_h, int
sockfd)
++ break;
++ } else {
++
knet_h->kernel_mtu = sock_err->ee_info;
+++
log_debug(knet_h, KNET_SUB_TRANSP_UDP, "detected kernel MTU: %u",
knet_h->kernel_mtu);
++
pthread_mutex_unlock(&knet_h->kmtu_mutex);
++ }
++
+diff --git a/debian/patches/series b/debian/patches/series
+index e58890e..c5950b7 100644
+--- a/debian/patches/series
++++ b/debian/patches/series
+@@ -75,3 +75,7 @@ crypto-hide-errors-generated-by-openssl-1.1.1c.patch
+ doc-fix-a-merge-oversight-from-541d7faf9068d10e12b4278c35.patch
+ global-clarify-license-entry-per-file-to-match-README.lic.patch
+ global-update-copyrights.patch
++crypto-fix-log-information.patch
++udp-log-information-about-detected-kernel-MTU.patch
++docs-add-knet-packet-layout.patch
++PMTUd-fix-MTU-calculation-when-using-crypto-and-add-docs.patch
diff --git a/patches/series b/patches/series
index 2c013fc..3f64ee5 100644
--- a/patches/series
+++ b/patches/series
@@ -3,3 +3,4 @@
0003-cherry-pick-1.10-as-patches.patch
0004-add-libzstd-dev-to-build-depends.patch
0005-add-new-symbols-for-libknet-1.10.patch
+0006-cherry-pick-pmtud-fixes.patch
--
2.20.1
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
