microsoft
/
WSL2-Linux-Kernel
зеркало из https://github.com/microsoft/WSL2-Linux-Kernel.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
WSL2-Linux-Kernel/net/ipv6
История
Lina Wang 189bdde30b xfrm: fix tunnel model fragmentation behavior 
[ Upstream commit 4ff2980b6b ]

in tunnel mode, if outer interface(ipv4) is less, it is easily to let
inner IPV6 mtu be less than 1280. If so, a Packet Too Big ICMPV6 message
is received. When send again, packets are fragmentized with 1280, they
are still rejected with ICMPV6(Packet Too Big) by xfrmi_xmit2().

According to RFC4213 Section3.2.2:
if (IPv4 path MTU - 20) is less than 1280
	if packet is larger than 1280 bytes
		Send ICMPv6 "packet too big" with MTU=1280
                Drop packet
        else
		Encapsulate but do not set the Don't Fragment
                flag in the IPv4 header.  The resulting IPv4
                packet might be fragmented by the IPv4 layer
                on the encapsulator or by some router along
                the IPv4 path.
	endif
else
	if packet is larger than (IPv4 path MTU - 20)
        	Send ICMPv6 "packet too big" with
                MTU = (IPv4 path MTU - 20).
                Drop packet.
        else
                Encapsulate and set the Don't Fragment flag
                in the IPv4 header.
        endif
endif
Packets should be fragmentized with ipv4 outer interface, so change it.

After it is fragemtized with ipv4, there will be double fragmenation.
No.48 & No.51 are ipv6 fragment packets, No.48 is double fragmentized,
then tunneled with IPv4(No.49& No.50), which obey spec. And received peer
cannot decrypt it rightly.

48              2002::10        2002::11 1296(length) IPv6 fragment (off=0 more=y ident=0xa20da5bc nxt=50)
49   0x0000 (0) 2002::10        2002::11 1304         IPv6 fragment (off=0 more=y ident=0x7448042c nxt=44)
50   0x0000 (0) 2002::10        2002::11 200          ESP (SPI=0x00035000)
51              2002::10        2002::11 180          Echo (ping) request
52   0x56dc     2002::10        2002::11 248          IPv6 fragment (off=1232 more=n ident=0xa20da5bc nxt=50)

xfrm6_noneed_fragment has fixed above issues. Finally, it acted like below:
1   0x6206 192.168.1.138   192.168.1.1 1316 Fragmented IP protocol (proto=Encap Security Payload 50, off=0, ID=6206) [Reassembled in #2]
2   0x6206 2002::10        2002::11    88   IPv6 fragment (off=0 more=y ident=0x1f440778 nxt=50)
3   0x0000 2002::10        2002::11    248  ICMPv6    Echo (ping) request

Signed-off-by: Lina Wang <lina.wang@mediatek.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2022-04-08 14:22:46 +02:00
..
ila net: Add MODULE_DESCRIPTION entries to network modules 2020-06-20 21:33:57 -07:00
netfilter netfilter: ip6t_rt: fix rt0_hdr parsing in rt_mt6 2021-10-14 23:08:35 +02:00
Kconfig ipv6: ioam: Support for IOAM injection with lwtunnels 2021-07-21 08:14:33 -07:00
Makefile ipv6: ioam: Support for IOAM injection with lwtunnels 2021-07-21 08:14:33 -07:00
addrconf.c ipv6: prevent a possible race condition with lifetimes 2022-03-16 14:23:41 +01:00
addrconf_core.c ipv6: add ipv6_dev_find to stubs 2021-03-30 13:29:39 -07:00
addrlabel.c ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init 2020-11-25 11:20:16 -08:00
af_inet6.c net: ipv6: add fib6_nh_release_dsts stub 2021-12-01 09:04:49 +01:00
ah6.c xfrm: remove hdr_offset indirection 2021-06-11 14:48:50 +02:00
anycast.c ipv6: fix memory leaks on IPV6_ADDRFORM path 2020-07-30 16:30:55 -07:00
calipso.c cipso,calipso: resolve a number of problems with the DOI refcounts 2021-03-04 15:26:57 -08:00
datagram.c lsm,selinux: pass flowi_common instead of flowi to the LSM hooks 2020-11-23 18:36:21 -05:00
esp6.c esp6: fix check on ipv6_skip_exthdr's return value 2022-03-23 09:16:41 +01:00
esp6_offload.c esp: Fix BEET mode inter address family tunneling on GSO 2022-03-16 14:23:36 +01:00
exthdrs.c ipv6: exthdrs: get rid of indirect calls in ip6_parse_tlv() 2021-08-04 10:34:40 +01:00
exthdrs_core.c ipv6: remove printk 2019-07-27 14:23:48 -07:00
exthdrs_offload.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
fib6_notifier.c net: fib_notifier: propagate extack down to the notifier block callback 2019-10-04 11:10:56 -07:00
fib6_rules.c ipv6: fix memory leak in fib6_rule_suppress 2021-12-08 09:04:43 +01:00
fou6.c net: Add MODULE_DESCRIPTION entries to network modules 2020-06-20 21:33:57 -07:00
icmp.c icmp: ICMPV6: Examine invoking packet for Segment Route Headers. 2022-01-27 11:05:05 +01:00
inet6_connection_sock.c lsm,selinux: pass flowi_common instead of flowi to the LSM hooks 2020-11-23 18:36:21 -05:00
inet6_hashtables.c net: prefer socket bound to interface when not in VRF 2021-10-07 07:27:55 -07:00
ioam6.c ipv6: ioam: move the check for undefined bits 2021-10-12 11:49:49 +01:00
ioam6_iptunnel.c ipv6: ioam: move the check for undefined bits 2021-10-12 11:49:49 +01:00
ip6_checksum.c net: udp: fix handling of CHECKSUM_COMPLETE packets 2018-10-24 14:18:16 -07:00
ip6_fib.c ipv6: annotate accesses to fn->fn_sernum 2022-02-01 17:27:09 +01:00
ip6_flowlabel.c ipv6: per-netns exclusive flowlabel checks 2022-02-23 12:03:10 +01:00
ip6_gre.c xfrm: fix policy lookup for ipv6 gre packets 2022-01-27 11:05:14 +01:00
ip6_icmp.c net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending 2021-02-23 11:29:52 -08:00
ip6_input.c ipv6: weaken the v4mapped source check 2021-03-18 11:19:23 -07:00
ip6_offload.c gso: do not skip outer ip header in case of ipip and net_failover 2022-03-02 11:47:56 +01:00
ip6_offload.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip6_output.c net: ipv6: fix skb_over_panic in __ip6_append_data 2022-03-28 09:58:42 +02:00
ip6_tunnel.c ipv6_tunnel: Rate limit warning messages 2022-02-01 17:27:07 +01:00
ip6_udp_tunnel.c net: Make locking in sock_bindtoindex optional 2020-06-01 14:57:14 -07:00
ip6_vti.c ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate 2022-01-11 15:35:17 +01:00
ip6mr.c ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path 2022-02-16 12:56:29 +01:00
ipcomp6.c xfrm: remove hdr_offset indirection 2021-06-11 14:48:50 +02:00
ipv6_sockglue.c net/ipv4/ipv6: Replace one-element arraya with flexible-array members 2021-08-05 11:46:42 +01:00
mcast.c ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() 2022-03-08 19:12:33 +01:00
mcast_snoop.c net: bridge: mcast: fix broken length + header check for MRDv6 Adv. 2021-04-27 14:02:06 -07:00
mip6.c xfrm: ipv6: move mip6_rthdr_offset into xfrm core 2021-06-11 14:48:50 +02:00
ndisc.c ipv6: add IFLA_INET6_RA_MTU to expose mtu value 2021-08-27 17:29:18 -07:00
netfilter.c netfilter: Dissect flow after packet mangling 2021-04-18 22:04:16 +02:00
output_core.c ipv6: use prandom_u32() for ID generation 2021-05-31 22:12:08 -07:00
ping.c lsm,selinux: pass flowi_common instead of flowi to the LSM hooks 2020-11-23 18:36:21 -05:00
proc.c net: udp: introduce UDP_MIB_MEMERRORS for udp_mem 2020-11-09 15:34:44 -08:00
protocol.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
raw.c ipv6: raw: check passed optlen before reading 2022-01-11 15:35:18 +01:00
reassembly.c ipv6: record frag_max_size in atomic fragments in input path 2021-05-21 15:02:25 -07:00
route.c ipv6: fix data-race in fib6_info_hw_flags_set / fib6_purge_rt 2022-02-23 12:03:10 +01:00
rpl.c net: ipv6: rpl*: Fix strange kerneldoc warnings due to bad header 2020-10-30 12:12:52 -07:00
rpl_iptunnel.c net: ipv6: rpl_iptunnel: simplify the return expression of rpl_do_srh() 2020-12-08 16:22:54 -08:00
seg6.c icmp: ICMPV6: Examine invoking packet for Segment Route Headers. 2022-01-27 11:05:05 +01:00
seg6_hmac.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
seg6_iptunnel.c seg6: fix the iif in the IPv6 socket control block 2021-12-14 10:57:09 +01:00
seg6_local.c seg6: export get_srh() for ICMP handling 2022-01-27 11:05:05 +01:00
sit.c sit: do not call ipip6_dev_free() from sit_init_net() 2021-12-22 09:32:44 +01:00
syncookies.c selinux/stable-5.11 PR 20201214 2020-12-16 11:01:04 -08:00
sysctl_net_ipv6.c ipv6: ioam: Data plane support for Pre-allocated Trace 2021-07-21 08:14:33 -07:00
tcp_ipv6.c inet: fully convert sk->sk_rx_dst to RCU rules 2021-12-29 12:28:42 +01:00
tcpv6_offload.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tunnel6.c tunnel6: add tunnel6_input_afinfo for ipip and ipv6 tunnels 2020-07-09 12:52:37 +02:00
udp.c udp6: Use Segment Routing Header for dest address if present 2022-01-27 11:05:05 +01:00
udp_impl.h net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
udp_offload.c udp: properly complete L4 GRO over UDP tunnel packet 2021-03-30 17:06:49 -07:00
udplite.c net/ipv6: remove compat_ipv6_{get,set}sockopt 2020-07-19 18:16:41 -07:00
xfrm6_input.c xfrm: state: remove extract_input indirection from xfrm_state_afinfo 2020-05-06 09:40:08 +02:00
xfrm6_output.c xfrm: fix tunnel model fragmentation behavior 2022-04-08 14:22:46 +02:00
xfrm6_policy.c net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2019-12-24 22:28:54 -08:00
xfrm6_protocol.c xfrm: add support for UDPv6 encapsulation of ESP 2020-04-28 11:28:36 +02:00
xfrm6_state.c xfrm: remove output_finish indirection from xfrm_state_afinfo 2020-05-06 09:40:08 +02:00
xfrm6_tunnel.c xfrm: remove description from xfrm_type struct 2021-06-09 09:38:52 +02:00