From patchwork Mon Aug 8 01:27:38 2022
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 2639
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 8 Aug 2022 13:27:38 +0200
Message-Id: <20220808112738.1908633-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH] Ensure outer IPv6 (proto udp6) packets can be fragmented on sending.

If the inside packet is fragmented already, Linux kernel hands us packets with skb->ignore_df=0.
Since this is applied to the encapsulated packet, the kernel will then refuse to fragment the resulting UDP/IPv6 packet (for IPv4, it seems to look at the actual DF bit, which does not exist for IPv6). Always set ignore_df=1 in the udp6 output path. Fixes t_client tests with "ping -s 3000" across UDP6 tunnels.

Signed-off-by: Gert Doering
---
 drivers/net/ovpn-dco/udp.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ovpn-dco/udp.c b/drivers/net/ovpn-dco/udp.c index 4c54068..9416338 100644 --- a/drivers/net/ovpn-dco/udp.c +++ b/drivers/net/ovpn-dco/udp.c @@ -215,6 +215,9 @@ static int ovpn_udp6_output(struct ovpn_struct *ovpn, struct ovpn_bind *bind, dst_cache_set_ip6(cache, dst, &fl.saddr); transmit: + /* always permit openvpn-created packets to be (outside) fragmented */ + skb->ignore_df = 1; + udp_tunnel6_xmit_skb(dst, sk, skb, skb->dev, &fl.saddr, &fl.daddr, 0, ip6_dst_hoplimit(dst), 0, fl.fl6_sport, fl.fl6_dport, udp_get_no_check6_tx(sk));
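
Review bot: the comment added above "skb->ignore_df = 1;" at the transmit: label says what is done but not why, and the reason lives only in the commit message; extend it to say that skbs carrying an already-fragmented inner packet arrive with ignore_df=0 and that the kernel then refuses to fragment the outer UDP/IPv6 packet. The assignment is also unconditional, so every packet leaving ovpn_udp6_output() may now be fragmented locally regardless of the flag's value on entry; if that is the intent, the comment should state it. The commit message says of IPv4 only that "it seems to look at the actual DF bit", and this patch touches the udp6 path alone, so it is worth confirming the IPv4 output path with the same "ping -s 3000" test before this is merged.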