Message ID | 20250701124744.259472-1-ralf@mandelbit.com |
---|---|
State | New |
Headers | From: Ralf Lici <ralf@mandelbit.com>; To: openvpn-devel@lists.sourceforge.net; Date: Tue, 1 Jul 2025 14:47:44 +0200; Subject: [Openvpn-devel] [PATCH ovpn-net-next] ovpn: reset GSO metadata after decapsulation |
Series | [Openvpn-devel,ovpn-net-next] ovpn: reset GSO metadata after decapsulation |
Hi

On Tue, Jul 01, 2025 at 02:47:44PM +0200, Ralf Lici wrote:
> By calling skb_gso_reset(skb) we ensure the inner packet is presented to
> gro_cells_receive() with a clean slate, correctly indicating it is an
> individual packet from the perspective of the local stack.

Amazing find.

I have tested this on my ubuntu 20.04 (backports) testbed that had the "large ping tcp instance -> udp instance fail", and now everything succeeds (this patch applied to "DCO version: ovpn-net-next/net-6.15.0-8f0bda6").

Tested-By: Gert Doering <gert@greenie.muc.de>

gert
diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c index ebf1e849506b..3e9e7f8444b3 100644 --- a/drivers/net/ovpn/io.c +++ b/drivers/net/ovpn/io.c @@ -62,6 +62,13 @@ static void ovpn_netdev_write(struct ovpn_peer *peer, struct sk_buff *skb) unsigned int pkt_len; int ret; + /* + * GSO state from the transport layer is not valid for the tunnel/data + * path. Reset all GSO fields to prevent any further GSO processing + * from entering an inconsistent state. + */ + skb_gso_reset(skb); + /* we can't guarantee the packet wasn't corrupted before entering the * VPN, therefore we give other layers a chance to check that */
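Review bot: the new comment above skb_gso_reset(skb) in ovpn_netdev_write() opens with a bare "/*" line, while the existing comment directly below it in the same function ("/* we can't guarantee the packet wasn't corrupted ...") starts its text on the opening line; match the surrounding style so the function reads consistently. The wording "inconsistent state" is also vague for a fix of this kind: the commit message names the concrete failure (GSO validation in validate_xmit_skb() dropping the packet because skb->len is compared against a stale skb_shinfo(skb)->gso_size inherited from the outer tunnel packet), and stating that in the comment would tell a later reader why the reset has to happen before the skb is handed to gro_cells_receive(). The commit message as shown carries no Fixes: tag, which makes it harder to tell which trees need this change.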
The ovpn_netdev_write() function is responsible for injecting decapsulated and decrypted packets back into the local network stack.

Prior to this change, the skb could retain GSO metadata from the outer, encrypted tunnel packet. This original GSO metadata, relevant to the sender's context for the tunnel, becomes invalid and misleading for the local receive path once the inner packet is exposed.

Leaving this stale metadata intact causes internal GSO validation checks further down the kernel's network stack (validate_xmit_skb()) to fail, leading to packet drops. The reasons for these failures vary by protocol, for example:

- for ICMP, no offload handler is registered;
- for TCP and UDP, the respective offload handlers return errors when comparing skb->len to the outdated skb_shinfo(skb)->gso_size.

By calling skb_gso_reset(skb) we ensure the inner packet is presented to gro_cells_receive() with a clean slate, correctly indicating it is an individual packet from the perspective of the local stack.

This change eliminates the "Driver has suspect GRO implementation, TCP performance may be compromised" warning and improves overall TCP performance by allowing GSO/GRO to function as intended on the decapsulated traffic.

(Note: UDP GSO is not currently supported in ovpn)

Signed-off-by: Ralf Lici <ralf@mandelbit.com>
---
 drivers/net/ovpn/io.c | 7 +++++++
 1 file changed, 7 insertions(+)