superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/include
History
Ilya Maximets a9888628cb net: dst_metadata: fix IP_DF bit not extracted from tunnel headers 
Both OVS and TC flower allow extracting and matching on the DF bit of
the outer IP header via OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT in the
OVS_KEY_ATTR_TUNNEL and TCA_FLOWER_KEY_FLAGS_TUNNEL_DONT_FRAGMENT in
the TCA_FLOWER_KEY_ENC_FLAGS respectively.  Flow dissector extracts
this information as FLOW_DIS_F_TUNNEL_DONT_FRAGMENT from the tunnel
info key.

However, the IP_TUNNEL_DONT_FRAGMENT_BIT in the tunnel key is never
actually set, because the tunneling code doesn't actually extract it
from the IP header.  OAM and CRIT_OPT are extracted by the tunnel
implementation code, same code also sets the KEY flag, if present.
UDP tunnel core takes care of setting the CSUM flag if the checksum
is present in the UDP header, but the DONT_FRAGMENT is not handled at
any layer.

Fix that by checking the bit and setting the corresponding flag while
populating the tunnel info in the IP layer where it belongs.

Not using __assign_bit as we don't really need to clear the bit in a
just initialized field.  It also doesn't seem like using __assign_bit
will make the code look better.

Clearly, users didn't rely on this functionality for anything very
important until now.  The reason why this doesn't break OVS logic is
that it only matches on what kernel previously parsed out and if kernel
consistently reports this bit as zero, OVS will only match on it to be
zero, which sort of works.  But it is still a bug that the uAPI reports
and allows matching on the field that is not actually checked in the
packet.  And this is causing misleading -df reporting in OVS datapath
flows, while the tunnel traffic actually has the bit set in most cases.

This may also cause issues if a hardware properly implements support
for tunnel flag matching as it will disagree with the implementation
in a software path of TC flower.

Fixes: 7d5437c709 ("openvswitch: Add tunneling interface.")
Fixes: 1d17568e74 ("net/sched: cls_flower: add support for matching tunnel control flags")
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Link: https://patch.msgid.link/20250909165440.229890-2-i.maximets@ovn.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 		2025-09-14 14:28:12 -07:00
..
acpi mailbox/pcc: support mailbox management of the shared buffer 2025-08-07 23:49:56 -05:00
asm-generic Deferred unwind changes for 6.17 2025-08-01 09:46:24 -07:00
clocksource
crypto This push fixes a regression that breaks hmac(sha3-224-s390). 2025-08-09 07:26:19 +03:00
cxl
drm drm/gpuvm: fix various typos in .c and .h gpuvm file 2025-08-25 21:48:50 +02:00
dt-bindings Pin control changes for v6.17 2025-08-02 12:07:09 -07:00
hyperv
keys
kunit
kvm
linux Including fixes from CAN, netfilter and wireless. 2025-09-11 08:54:42 -07:00
math-emu
media
memory
misc
net net: dst_metadata: fix IP_DF bit not extracted from tunnel headers 2025-09-14 14:28:12 -07:00
pcmcia pcmcia: remove PCCARD_IODYN 2025-08-16 15:37:47 +02:00
ras
rdma
rv
scsi
soc This is the usual collection of primarily clk driver updates. The big part of 2025-07-31 13:36:27 -07:00
sound ASoC: Fixes for v6.17 2025-08-21 09:02:28 +02:00
target
trace tracing changes for 6.17 2025-08-01 10:29:36 -07:00
uapi netfilter: nf_tables: Introduce NFTA_DEVICE_PREFIX 2025-09-04 09:19:25 +02:00
ufs
vdso
video
xen Significant patch series in this pull request: 2025-08-03 16:23:09 -07:00
Kbuild