Re: [PATCH 3.12 122/127] drivers/net: Disable UFO through virtio
From: Ben Hutchings
Date: Wed Nov 30 2016 - 18:54:16 EST
On Fri, 2016-11-25 at 09:30 +0100, Jiri Slaby wrote:
> From: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
>
> 3.12-stable review patch.ÂÂIf anyone has any objections, please let me know.
This was reverted upstream (and in the only stable branch it was
applied to). 3.12 already has the compatible fix (commit
30ab1cf8b31d).
Ben.
> ===============
>
> commit 3d0ad09412ffe00c9afa201d01effdb6023d09b4 upstream.
>
> IPv6 does not allow fragmentation by routers, so there is no
> fragmentation ID in the fixed header.ÂÂUFO for IPv6 requires the ID to
> be passed separately, but there is no provision for this in the virtio
> net protocol.
>
> Until recently our software implementation of UFO/IPv6 generated a new
> ID, but this was a bug.ÂÂNow we will use ID=0 for any UFO/IPv6 packet
> passed through a tap, which is even worse.
>
> Unfortunately there is no distinction between UFO/IPv4 and v6
> features, so disable UFO on taps and virtio_net completely until we
> have a proper solution.
>
> We cannot depend on VM managers respecting the tap feature flags, so
> keep accepting UFO packets but log a warning the first time we do
> this.
>
> Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
> Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data")
> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
> Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>
[...]
--
Ben Hutchings
Beware of programmers who carry screwdrivers. - Leonard Brandwein
Attachment:
signature.asc
Description: This is a digitally signed message part