from upstream PR#242 Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com> --- patches/0006-cherry-pick-pmtud-fixes.patch | 256 +++++++++++++++++++++ patches/series | 1 + 2 files changed, 257 insertions(+) create mode 100644 patches/0006-cherry-pick-pmtud-fixes.patch
diff --git a/patches/0006-cherry-pick-pmtud-fixes.patch b/patches/0006-cherry-pick-pmtud-fixes.patch new file mode 100644 index 0000000..9653db7 --- /dev/null +++ b/patches/0006-cherry-pick-pmtud-fixes.patch @@ -0,0 +1,256 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbich...@proxmox.com> +Date: Fri, 2 Aug 2019 10:52:32 +0200 +Subject: [PATCH kronosnet] cherry-pick pmtud fixes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +from upstream PR#242. + +Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com> +--- + ...ation-when-using-crypto-and-add-docs.patch | 100 ++++++++++++++++++ + .../patches/crypto-fix-log-information.patch | 32 ++++++ + .../patches/docs-add-knet-packet-layout.patch | 43 ++++++++ + ...nformation-about-detected-kernel-MTU.patch | 22 ++++ + debian/patches/series | 4 + + 5 files changed, 201 insertions(+) + create mode 100644 debian/patches/PMTUd-fix-MTU-calculation-when-using-crypto-and-add-docs.patch + create mode 100644 debian/patches/crypto-fix-log-information.patch + create mode 100644 debian/patches/docs-add-knet-packet-layout.patch + create mode 100644 debian/patches/udp-log-information-about-detected-kernel-MTU.patch + +diff --git a/debian/patches/PMTUd-fix-MTU-calculation-when-using-crypto-and-add-docs.patch b/debian/patches/PMTUd-fix-MTU-calculation-when-using-crypto-and-add-docs.patch +new file mode 100644 +index 0000000..2e55471 +--- /dev/null ++++ b/debian/patches/PMTUd-fix-MTU-calculation-when-using-crypto-and-add-docs.patch +@@ -0,0 +1,100 @@ ++From: "Fabio M. Di Nitto" <fdini...@redhat.com> ++Date: Fri, 2 Aug 2019 10:44:23 +0200 ++Subject: [PMTUd] fix MTU calculation when using crypto and add docs ++ ++Signed-off-by: Fabio M. Di Nitto <fdini...@redhat.com> ++(cherry picked from commit 06709869d55061d9e402928f63b8ea062dd19dfd) ++--- ++ libknet/threads_pmtud.c | 55 +++++++++++++++++++++++++++++++++++++++++++------ ++ 1 file changed, 49 insertions(+), 6 deletions(-) ++ ++diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c ++index 2cd48f9..1a19806 100644 ++--- a/libknet/threads_pmtud.c +++++ b/libknet/threads_pmtud.c ++@@ -113,29 +113,68 @@ restart: ++ * knet_h->sec_hash_size is >= 0 if signing is enabled ++ */ ++ +++ /* +++ * common to all packets +++ */ ++ data_len = onwire_len - overhead_len; ++ ++ if (knet_h->crypto_instance) { ++ +++realign: ++ if (knet_h->sec_block_size) { +++ +++ /* +++ * drop both salt and hash, that leaves only the crypto data and padding +++ * we need to calculate the padding based on the real encrypted data. +++ */ +++ data_len = data_len - (knet_h->sec_salt_size + knet_h->sec_hash_size); +++ +++ /* +++ * if the crypto mechanism requires padding, calculate the padding +++ * and add it back to data_len because that's what the crypto layer +++ * would do. +++ */ ++ pad_len = knet_h->sec_block_size - (data_len % knet_h->sec_block_size); +++ +++ /* +++ * if are at the boundary, reset padding +++ */ ++ if (pad_len == knet_h->sec_block_size) { ++ pad_len = 0; ++ } ++ data_len = data_len + pad_len; ++- } ++ ++- data_len = data_len + (knet_h->sec_hash_size + knet_h->sec_salt_size + knet_h->sec_block_size); ++- ++- if (knet_h->sec_block_size) { +++ /* +++ * if our current data_len is higher than max_mtu_len +++ * then we need to reduce by padding size (that is our +++ * increment / decrement value) +++ * +++ * this generally happens only on the first PMTUd run +++ */ ++ while (data_len + overhead_len >= max_mtu_len) { ++ data_len = data_len - knet_h->sec_block_size; ++ } +++ +++ /* +++ * add both hash and salt size back, similar to padding above, +++ * the crypto layer will add them to the data_len +++ */ +++ data_len = data_len + (knet_h->sec_salt_size + knet_h->sec_hash_size); ++ } ++ ++ if (dst_link->last_bad_mtu) { ++- while (data_len + overhead_len >= dst_link->last_bad_mtu) { ++- data_len = data_len - (knet_h->sec_hash_size + knet_h->sec_salt_size + knet_h->sec_block_size); +++ if (data_len + overhead_len >= dst_link->last_bad_mtu) { +++ /* +++ * reduce data_len to something lower than last_bad_mtu, overhead_len +++ * and sec_block_size (decrementing step) - 1 (granularity) +++ */ +++ data_len = dst_link->last_bad_mtu - overhead_len - knet_h->sec_block_size - 1; +++ if (knet_h->sec_block_size) { +++ /* +++ * make sure that data_len is aligned to the sec_block_size boundary +++ */ +++ goto realign; +++ } ++ } ++ } ++ ++@@ -144,6 +183,10 @@ restart: ++ return -1; ++ } ++ +++ /* +++ * recalculate onwire_len based on crypto information +++ * and place it in the PMTUd packet info +++ */ ++ onwire_len = data_len + overhead_len; ++ knet_h->pmtudbuf->khp_pmtud_size = onwire_len; ++ +diff --git a/debian/patches/crypto-fix-log-information.patch b/debian/patches/crypto-fix-log-information.patch +new file mode 100644 +index 0000000..8823888 +--- /dev/null ++++ b/debian/patches/crypto-fix-log-information.patch +@@ -0,0 +1,32 @@ ++From: "Fabio M. Di Nitto" <fdini...@redhat.com> ++Date: Tue, 30 Jul 2019 11:18:33 +0200 ++Subject: [crypto] fix log information ++ ++Signed-off-by: Fabio M. Di Nitto <fdini...@redhat.com> ++(cherry picked from commit b54f80dcf14fc962fdf304d41be0b1001de716e7) ++--- ++ libknet/crypto.c | 4 ++-- ++ 1 file changed, 2 insertions(+), 2 deletions(-) ++ ++diff --git a/libknet/crypto.c b/libknet/crypto.c ++index 9f05fba..9d6757b 100644 ++--- a/libknet/crypto.c +++++ b/libknet/crypto.c ++@@ -151,8 +151,6 @@ int crypto_init( ++ goto out; ++ } ++ ++- log_debug(knet_h, KNET_SUB_CRYPTO, "security network overhead: %zu", knet_h->sec_header_size); ++- ++ out: ++ if (!err) { ++ knet_h->crypto_instance = new; ++@@ -161,6 +159,8 @@ out: ++ knet_h->sec_hash_size = new->sec_hash_size; ++ knet_h->sec_salt_size = new->sec_salt_size; ++ +++ log_debug(knet_h, KNET_SUB_CRYPTO, "security network overhead: %zu", knet_h->sec_header_size); +++ ++ if (current) { ++ if (crypto_modules_cmds[current->model].ops->fini != NULL) { ++ crypto_modules_cmds[current->model].ops->fini(knet_h, current); +diff --git a/debian/patches/docs-add-knet-packet-layout.patch b/debian/patches/docs-add-knet-packet-layout.patch +new file mode 100644 +index 0000000..5a3ec84 +--- /dev/null ++++ b/debian/patches/docs-add-knet-packet-layout.patch +@@ -0,0 +1,43 @@ ++From: "Fabio M. Di Nitto" <fdini...@redhat.com> ++Date: Fri, 2 Aug 2019 10:43:09 +0200 ++Subject: [docs] add knet packet layout ++ ++Signed-off-by: Fabio M. Di Nitto <fdini...@redhat.com> ++(cherry picked from commit 5608714c6951afdad02e13a6468fc1df020b4de4) ++--- ++ libknet/threads_pmtud.c | 22 ++++++++++++++++++++++ ++ 1 file changed, 22 insertions(+) ++ ++diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c ++index 603f595..2cd48f9 100644 ++--- a/libknet/threads_pmtud.c +++++ b/libknet/threads_pmtud.c ++@@ -91,6 +91,28 @@ restart: ++ failsafe++; ++ } ++ +++ /* +++ * unencrypted packet looks like: +++ * +++ * | ip | protocol | knet_header | unencrypted data | +++ * | onwire_len | +++ * | overhead_len | +++ * | data_len | +++ * | app MTU | +++ * +++ * encrypted packet looks like (not to scale): +++ * +++ * | ip | protocol | salt | crypto(knet_header | data) | crypto_data_pad | hash | +++ * | onwire_len | +++ * | overhead_len | +++ * | data_len | +++ * | app MTU | +++ * +++ * knet_h->sec_block_size is >= 0 if encryption will pad the data +++ * knet_h->sec_salt_size is >= 0 if encryption is enabled +++ * knet_h->sec_hash_size is >= 0 if signing is enabled +++ */ +++ ++ data_len = onwire_len - overhead_len; ++ ++ if (knet_h->crypto_instance) { +diff --git a/debian/patches/udp-log-information-about-detected-kernel-MTU.patch b/debian/patches/udp-log-information-about-detected-kernel-MTU.patch +new file mode 100644 +index 0000000..a28d3ad +--- /dev/null ++++ b/debian/patches/udp-log-information-about-detected-kernel-MTU.patch +@@ -0,0 +1,22 @@ ++From: "Fabio M. Di Nitto" <fdini...@redhat.com> ++Date: Wed, 31 Jul 2019 14:15:07 +0200 ++Subject: [udp] log information about detected kernel MTU ++ ++Signed-off-by: Fabio M. Di Nitto <fdini...@redhat.com> ++(cherry picked from commit 84aed4bba304f40feb32a5c09885350756ab2d1d) ++--- ++ libknet/transport_udp.c | 1 + ++ 1 file changed, 1 insertion(+) ++ ++diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c ++index 53d2ba0..be990bb 100644 ++--- a/libknet/transport_udp.c +++++ b/libknet/transport_udp.c ++@@ -337,6 +337,7 @@ static int read_errs_from_sock(knet_handle_t knet_h, int sockfd) ++ break; ++ } else { ++ knet_h->kernel_mtu = sock_err->ee_info; +++ log_debug(knet_h, KNET_SUB_TRANSP_UDP, "detected kernel MTU: %u", knet_h->kernel_mtu); ++ pthread_mutex_unlock(&knet_h->kmtu_mutex); ++ } ++ +diff --git a/debian/patches/series b/debian/patches/series +index e58890e..c5950b7 100644 +--- a/debian/patches/series ++++ b/debian/patches/series +@@ -75,3 +75,7 @@ crypto-hide-errors-generated-by-openssl-1.1.1c.patch + doc-fix-a-merge-oversight-from-541d7faf9068d10e12b4278c35.patch + global-clarify-license-entry-per-file-to-match-README.lic.patch + global-update-copyrights.patch ++crypto-fix-log-information.patch ++udp-log-information-about-detected-kernel-MTU.patch ++docs-add-knet-packet-layout.patch ++PMTUd-fix-MTU-calculation-when-using-crypto-and-add-docs.patch diff --git a/patches/series b/patches/series index 2c013fc..3f64ee5 100644 --- a/patches/series +++ b/patches/series @@ -3,3 +3,4 @@ 0003-cherry-pick-1.10-as-patches.patch 0004-add-libzstd-dev-to-build-depends.patch 0005-add-new-symbols-for-libknet-1.10.patch +0006-cherry-pick-pmtud-fixes.patch -- 2.20.1 _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel