From patchwork Tue May 6 21:08:53 2025
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 4238
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Gert Doering, Antonio Quartulli
Date: Tue, 6 May 2025 23:08:53 +0200
Message-ID: <20250506210853.10585-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn-net-next] ovpn: set skb->ignore_df = 1 before sending IPv6 packets out
From: Antonio Quartulli

IPv6 user packets (sent over the tunnel) may be larger than the outgoing interface MTU after encapsulation. When this happens ovpn should allow the kernel to fragment them because they are "locally generated".

To achieve the above, we must set skb->ignore_df = 1 so that ip6_fragment() can be made aware of this decision.

Failing to do so will result in ip6_fragment() dropping the packet thinking it was "routed".

Reported-by: Gert Doering
Signed-off-by: Antonio Quartulli
Tested-By: Gert Doering
Acked-By: Gert Doering
Tested-By: Gert Doering
Acked-By: Gert Doering

--- drivers/net/ovpn/udp.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/net/ovpn/udp.c b/drivers/net/ovpn/udp.c index c9e189056f33..aef8c0406ec9 100644 --- a/drivers/net/ovpn/udp.c +++ b/drivers/net/ovpn/udp.c @@ -262,6 +262,16 @@ static int ovpn_udp6_output(struct ovpn_peer *peer, struct ovpn_bind *bind, dst_cache_set_ip6(cache, dst, &fl.saddr); transmit: + /* user IPv6 packets may be larger than the transport interface + * MTU (after encapsulation), however, since they are locally + * generated we should ensure they get fragmented. + * Setting the ignore_df flag to 1 will instruct ip6_fragment() to + * fragment packets if needed. + * + * NOTE: this is not needed for IPv4 because we pass df=0 to + * udp_tunnel_xmit_skb() + */ + skb->ignore_df = 1; udp_tunnel6_xmit_skb(dst, sk, skb, skb->dev, &fl.saddr, &fl.daddr, 0, ip6_dst_hoplimit(dst), 0, fl.fl6_sport, fl.fl6_dport, udp_get_no_check6_tx(sk));
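
Review bot: the comment added above `skb->ignore_df = 1;` states that user IPv6 packets "are locally generated", but what ovpn builds locally is the encapsulating UDP/IPv6 packet, while the inner user packet may just as well have been forwarded into the tunnel. The commit message is more careful here, putting "locally generated" and "routed" in quotes to describe how ip6_fragment() classifies the skb. Please reword the comment so it says the encapsulated packet must be treated as locally generated. Since the assignment sits directly under `transmit:` and is unconditional, the comment should also say that this is intended for every packet sent through ovpn_udp6_output(), so that oversized packets are fragmented at the outer layer instead of being dropped. "we should ensure they get fragmented" would read better as "fragmented if needed", matching the sentence that follows it.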