From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from gandalf.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 4D9535A0274 for ; Wed, 5 Jul 2023 05:27:29 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=201602; t=1688527642; bh=6yk1LMETlZqN2kiyWMr5EO7XjE7ebGfUC+kl1Ceo+iE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=RdVYuNrubpkkvqqn+Eae+8s1C+Bk2LYwofykjBd4Qgvsw66cCtm3YWR/bN2xLKaB+ ULIkaWmq5UgoD7BO+xVUPLILEHIgfhMK8/lqYXO/3B9tOAq+/quvMglMiX478W1Ar1 IFQU9hl6UOhzA2X8aOuXLlCcA2TX9ZAd+C3oq+1E= Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4QwlTQ3mYzz4wqZ; Wed, 5 Jul 2023 13:27:22 +1000 (AEST) Date: Wed, 5 Jul 2023 11:04:27 +1000 From: David Gibson To: Stefano Brivio Subject: Re: [PATCH] tap: Explicitly drop IPv4 fragments, and give a warning Message-ID: References: <20230704043623.1143288-1-david@gibson.dropbear.id.au> <20230704132104.48106368@elisabeth> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="XJFwXASvPMQdTrHb" Content-Disposition: inline In-Reply-To: <20230704132104.48106368@elisabeth> Message-ID-Hash: SMXOVOFOALROQ3CHCZWNNVYHUJXMI7VX X-Message-ID-Hash: SMXOVOFOALROQ3CHCZWNNVYHUJXMI7VX X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --XJFwXASvPMQdTrHb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jul 04, 2023 at 01:21:04PM +0200, Stefano Brivio wrote: > On Tue, 4 Jul 2023 14:36:23 +1000 > David Gibson wrote: >=20 > > We don't handle defragmentation of IP packets coming from the tap side, > > and we're unlikely to any time soon (with our large MTU, it's not useful > > for practical use cases). Currently, however, we simply ignore the > > fragmentation flags and treat fragments as though they were whole IP > > packets. This isn't ideal and can lead to rather cryptic behaviour if = we > > do receive IP fragments. > >=20 > > Change the code to explicitly drop fragmented packets, and print a rate > > limited warning if we do encounter them. > >=20 > > Bugzilla: https://bugs.passt.top/show_bug.cgi?id=3D62 >=20 > By the way, I silently replaced those with "Link:" in the past, just in > case we want to automate something around it one day, to avoid > differences between references to different bug trackers. Oh, ok. I'll keep that in mind. > Once upon a time, I wrote some scripting to automatically link HTML > reports with (Linux kernel) commits to bug trackers, and it was quite > painful to discover all possible spellings of "Bugzilla" plus a few > others, hence my thought. But let me know if something speaks against > this. No, that makes sense. > > Signed-off-by: David Gibson > > --- > > tap.c | 31 +++++++++++++++++++++++++++++++ > > 1 file changed, 31 insertions(+) > >=20 > > diff --git a/tap.c b/tap.c > > index e3235299..2e6939fa 100644 > > --- a/tap.c > > +++ b/tap.c > > @@ -62,6 +62,7 @@ static PACKET_POOL_NOINIT(pool_tap4, TAP_MSGS, pkt_bu= f); > > static PACKET_POOL_NOINIT(pool_tap6, TAP_MSGS, pkt_buf); > > =20 > > #define TAP_SEQS 128 /* Different L4 tuples in one batch */ > > +#define FRAGMENT_MSG_RATE 10 /* # seconds between fragment warnings */ > > =20 > > /** > > * tap_send() - Send frame, with qemu socket header if needed > > @@ -543,6 +544,32 @@ static void tap_packet_debug(const struct iphdr *i= ph, > > } > > } > > =20 > > +/** > > + * tap4_is_fragment() - Determine if a packet is an IP fragment >=20 > This is actually independent from the "tap" "side", it could also be > e.g. ipv4_is_fragment(), in util.c. Not a strong preference though, I > guess we can also merge it as it is. Well.. the detection of fragments is independent, but the warning message is specific to tap. I'm inclined to leave it as is, at least until we have a need for this logic somewhere else, at which point we can refactor. >=20 > > + * @iph: IPv4 header (length already validated) > > + * @now: Current timestamp > > + * > > + * Return: true if iph is an IP fragment, false otherwise > > + */ > > +static bool tap4_is_fragment(const struct iphdr *iph, > > + const struct timespec *now) > > +{ > > + if (iph->frag_off & ~IP_DF) { > > + /* Ratelimit messages */ > > + static time_t last_message; > > + static unsigned num_dropped; > > + > > + num_dropped++; > > + if (now->tv_sec - last_message > FRAGMENT_MSG_RATE) { > > + warn("Can't process IPv4 fragments (%lu dropped)", num_dropped); > > + last_message =3D now->tv_sec; > > + num_dropped =3D 0; > > + } > > + return true; > > + } > > + return false; > > +} > > + > > /** > > * tap4_handler() - IPv4 and ARP packet handler for tap file descriptor > > * @c: Execution context > > @@ -591,6 +618,10 @@ resume: > > hlen > l3_len) > > continue; > > =20 > > + /* We don't handle IP fragments, drop them */ > > + if (tap4_is_fragment(iph, now)) > > + continue; > > + > > l4_len =3D l3_len - hlen; > > =20 > > if (iph->saddr && c->ip4.addr_seen.s_addr !=3D iph->saddr) { >=20 --=20 David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson --XJFwXASvPMQdTrHb Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmSkwZMACgkQzQJF27ox 2Ge9HQ/+Iaf+gtCnMsI4lL05zaVtvQv4wbbNw62DgpSE+7l7D4b5Q7Cgk08bzoQQ WfisLoP0DpDhvPySy1QeaGq9Jo+NHwi5hrX64QZu8zuUXUhuQTKC2IeG8Li70CfB s1tUnDqQBSxZ7CU5FD6iP2NmfP2OvuAQ3GNB/j5/zjpqDDNABVrkY7vMobdOuhQ1 9AmFVAJtWy7x4hY4vOjOWQdrBtaYa8p56sT0YycET/BiuSkJgMfOMC8e9osCY5tR 6EXCMg9+wYifDgrNdmEybJjLKvhHhCj3Za6YghKA+7RpsXkRTobfq3KiybFfyGPx YWqDWakrkgciPu3IRA5dyoalrWoV8gQvRzsUFz40bp91/zFrxU2A1zC88Chm+ubt L/ddwG0X/DDEzoFYiLgVYamir9FpEO+mP86FYRvZWmrLuVlr7fuZMAnGxNBu9RYx 91FZOy9z1C+3Wi588KBzMJGWyXwhSao7Vwdwqpzf0zYddfAcpHVq/XPF2epB/FM9 Hw6DGm9JpmbagUHj5GZ5zg6hiZi1l24KkOtZzDnLC8RNR6/Dakz1zCgxWOIyFqUy uxum83d38HYrVJTMCWO+wB0shBVXpCspLeJD8k2v5BCkKI1cGRSqAhgz+ke21vq4 xF9p+ste6QmK7PklHdyj/VO+UifNOqCgBPDrONb4nJSb3p7HvBM= =j1q7 -----END PGP SIGNATURE----- --XJFwXASvPMQdTrHb--