[pve-devel] applied: [PATCH kronosnet 1/3] cherry-pick pmtud fixes

Fabian Grünbichler f.gruenbichler at proxmox.com
Fri Aug 2 11:37:48 CEST 2019


from upstream PR#242

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
 patches/0006-cherry-pick-pmtud-fixes.patch | 256 +++++++++++++++++++++
 patches/series                             |   1 +
 2 files changed, 257 insertions(+)
 create mode 100644 patches/0006-cherry-pick-pmtud-fixes.patch

diff --git a/patches/0006-cherry-pick-pmtud-fixes.patch b/patches/0006-cherry-pick-pmtud-fixes.patch
new file mode 100644
index 0000000..9653db7
--- /dev/null
+++ b/patches/0006-cherry-pick-pmtud-fixes.patch
@@ -0,0 +1,256 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler at proxmox.com>
+Date: Fri, 2 Aug 2019 10:52:32 +0200
+Subject: [PATCH kronosnet] cherry-pick pmtud fixes
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+from upstream PR#242.
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
+---
+ ...ation-when-using-crypto-and-add-docs.patch | 100 ++++++++++++++++++
+ .../patches/crypto-fix-log-information.patch  |  32 ++++++
+ .../patches/docs-add-knet-packet-layout.patch |  43 ++++++++
+ ...nformation-about-detected-kernel-MTU.patch |  22 ++++
+ debian/patches/series                         |   4 +
+ 5 files changed, 201 insertions(+)
+ create mode 100644 debian/patches/PMTUd-fix-MTU-calculation-when-using-crypto-and-add-docs.patch
+ create mode 100644 debian/patches/crypto-fix-log-information.patch
+ create mode 100644 debian/patches/docs-add-knet-packet-layout.patch
+ create mode 100644 debian/patches/udp-log-information-about-detected-kernel-MTU.patch
+
+diff --git a/debian/patches/PMTUd-fix-MTU-calculation-when-using-crypto-and-add-docs.patch b/debian/patches/PMTUd-fix-MTU-calculation-when-using-crypto-and-add-docs.patch
+new file mode 100644
+index 0000000..2e55471
+--- /dev/null
++++ b/debian/patches/PMTUd-fix-MTU-calculation-when-using-crypto-and-add-docs.patch
+@@ -0,0 +1,100 @@
++From: "Fabio M. Di Nitto" <fdinitto at redhat.com>
++Date: Fri, 2 Aug 2019 10:44:23 +0200
++Subject: [PMTUd] fix MTU calculation when using crypto and add docs
++
++Signed-off-by: Fabio M. Di Nitto <fdinitto at redhat.com>
++(cherry picked from commit 06709869d55061d9e402928f63b8ea062dd19dfd)
++---
++ libknet/threads_pmtud.c | 55 +++++++++++++++++++++++++++++++++++++++++++------
++ 1 file changed, 49 insertions(+), 6 deletions(-)
++
++diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c
++index 2cd48f9..1a19806 100644
++--- a/libknet/threads_pmtud.c
+++++ b/libknet/threads_pmtud.c
++@@ -113,29 +113,68 @@ restart:
++ 	 * knet_h->sec_hash_size is >= 0 if signing is enabled
++ 	 */
++ 
+++	/*
+++	 * common to all packets
+++	 */
++ 	data_len = onwire_len - overhead_len;
++ 
++ 	if (knet_h->crypto_instance) {
++ 
+++realign:
++ 		if (knet_h->sec_block_size) {
+++
+++			/*
+++			 * drop both salt and hash, that leaves only the crypto data and padding
+++			 * we need to calculate the padding based on the real encrypted data.
+++			 */
+++			data_len = data_len - (knet_h->sec_salt_size + knet_h->sec_hash_size);
+++
+++			/*
+++			 * if the crypto mechanism requires padding, calculate the padding
+++			 * and add it back to data_len because that's what the crypto layer
+++			 * would do.
+++			 */
++ 			pad_len = knet_h->sec_block_size - (data_len % knet_h->sec_block_size);
+++
+++			/*
+++			 * if are at the boundary, reset padding
+++			 */
++ 			if (pad_len == knet_h->sec_block_size) {
++ 				pad_len = 0;
++ 			}
++ 			data_len = data_len + pad_len;
++-		}
++ 
++-		data_len = data_len + (knet_h->sec_hash_size + knet_h->sec_salt_size + knet_h->sec_block_size);
++-
++-		if (knet_h->sec_block_size) {
+++			/*
+++			 * if our current data_len is higher than max_mtu_len
+++			 * then we need to reduce by padding size (that is our
+++			 * increment / decrement value)
+++			 *
+++			 * this generally happens only on the first PMTUd run
+++			 */
++ 			while (data_len + overhead_len >= max_mtu_len) {
++ 				data_len = data_len - knet_h->sec_block_size;
++ 			}
+++
+++			/*
+++			 * add both hash and salt size back, similar to padding above,
+++			 * the crypto layer will add them to the data_len
+++			 */
+++			data_len = data_len + (knet_h->sec_salt_size + knet_h->sec_hash_size);
++ 		}
++ 
++ 		if (dst_link->last_bad_mtu) {
++-			while (data_len + overhead_len >= dst_link->last_bad_mtu) {
++-				data_len = data_len - (knet_h->sec_hash_size + knet_h->sec_salt_size + knet_h->sec_block_size);
+++			if (data_len + overhead_len >= dst_link->last_bad_mtu) {
+++				/*
+++				 * reduce data_len to something lower than last_bad_mtu, overhead_len
+++				 * and sec_block_size (decrementing step) - 1 (granularity)
+++				 */
+++				data_len = dst_link->last_bad_mtu - overhead_len - knet_h->sec_block_size - 1;
+++				if (knet_h->sec_block_size) {
+++					/*
+++					 * make sure that data_len is aligned to the sec_block_size boundary
+++					 */
+++					goto realign;
+++				}
++ 			}
++ 		}
++ 
++@@ -144,6 +183,10 @@ restart:
++ 			return -1;
++ 		}
++ 
+++		/*
+++		 * recalculate onwire_len based on crypto information
+++		 * and place it in the PMTUd packet info
+++		 */
++ 		onwire_len = data_len + overhead_len;
++ 		knet_h->pmtudbuf->khp_pmtud_size = onwire_len;
++ 
+diff --git a/debian/patches/crypto-fix-log-information.patch b/debian/patches/crypto-fix-log-information.patch
+new file mode 100644
+index 0000000..8823888
+--- /dev/null
++++ b/debian/patches/crypto-fix-log-information.patch
+@@ -0,0 +1,32 @@
++From: "Fabio M. Di Nitto" <fdinitto at redhat.com>
++Date: Tue, 30 Jul 2019 11:18:33 +0200
++Subject: [crypto] fix log information
++
++Signed-off-by: Fabio M. Di Nitto <fdinitto at redhat.com>
++(cherry picked from commit b54f80dcf14fc962fdf304d41be0b1001de716e7)
++---
++ libknet/crypto.c | 4 ++--
++ 1 file changed, 2 insertions(+), 2 deletions(-)
++
++diff --git a/libknet/crypto.c b/libknet/crypto.c
++index 9f05fba..9d6757b 100644
++--- a/libknet/crypto.c
+++++ b/libknet/crypto.c
++@@ -151,8 +151,6 @@ int crypto_init(
++ 		goto out;
++ 	}
++ 
++-	log_debug(knet_h, KNET_SUB_CRYPTO, "security network overhead: %zu", knet_h->sec_header_size);
++-
++ out:
++ 	if (!err) {
++ 		knet_h->crypto_instance = new;
++@@ -161,6 +159,8 @@ out:
++ 		knet_h->sec_hash_size = new->sec_hash_size;
++ 		knet_h->sec_salt_size = new->sec_salt_size;
++ 
+++		log_debug(knet_h, KNET_SUB_CRYPTO, "security network overhead: %zu", knet_h->sec_header_size);
+++
++ 		if (current) {
++ 			if (crypto_modules_cmds[current->model].ops->fini != NULL) {
++ 				crypto_modules_cmds[current->model].ops->fini(knet_h, current);
+diff --git a/debian/patches/docs-add-knet-packet-layout.patch b/debian/patches/docs-add-knet-packet-layout.patch
+new file mode 100644
+index 0000000..5a3ec84
+--- /dev/null
++++ b/debian/patches/docs-add-knet-packet-layout.patch
+@@ -0,0 +1,43 @@
++From: "Fabio M. Di Nitto" <fdinitto at redhat.com>
++Date: Fri, 2 Aug 2019 10:43:09 +0200
++Subject: [docs] add knet packet layout
++
++Signed-off-by: Fabio M. Di Nitto <fdinitto at redhat.com>
++(cherry picked from commit 5608714c6951afdad02e13a6468fc1df020b4de4)
++---
++ libknet/threads_pmtud.c | 22 ++++++++++++++++++++++
++ 1 file changed, 22 insertions(+)
++
++diff --git a/libknet/threads_pmtud.c b/libknet/threads_pmtud.c
++index 603f595..2cd48f9 100644
++--- a/libknet/threads_pmtud.c
+++++ b/libknet/threads_pmtud.c
++@@ -91,6 +91,28 @@ restart:
++ 		failsafe++;
++ 	}
++ 
+++	/*
+++	 * unencrypted packet looks like:
+++	 *
+++	 * | ip | protocol | knet_header | unencrypted data                                  |
+++	 * | onwire_len                                                                      |
+++	 * | overhead_len  |
+++	 *                 | data_len                                                        |
+++	 *                               | app MTU                                           |
+++	 *
+++	 * encrypted packet looks like (not to scale):
+++	 *
+++	 * | ip | protocol | salt | crypto(knet_header | data)      | crypto_data_pad | hash |
+++	 * | onwire_len                                                                      |
+++	 * | overhead_len  |
+++	 *                 | data_len                                                        |
+++	 *                                             | app MTU    |
+++	 *
+++	 * knet_h->sec_block_size is >= 0 if encryption will pad the data
+++	 * knet_h->sec_salt_size is >= 0 if encryption is enabled
+++	 * knet_h->sec_hash_size is >= 0 if signing is enabled
+++	 */
+++
++ 	data_len = onwire_len - overhead_len;
++ 
++ 	if (knet_h->crypto_instance) {
+diff --git a/debian/patches/udp-log-information-about-detected-kernel-MTU.patch b/debian/patches/udp-log-information-about-detected-kernel-MTU.patch
+new file mode 100644
+index 0000000..a28d3ad
+--- /dev/null
++++ b/debian/patches/udp-log-information-about-detected-kernel-MTU.patch
+@@ -0,0 +1,22 @@
++From: "Fabio M. Di Nitto" <fdinitto at redhat.com>
++Date: Wed, 31 Jul 2019 14:15:07 +0200
++Subject: [udp] log information about detected kernel MTU
++
++Signed-off-by: Fabio M. Di Nitto <fdinitto at redhat.com>
++(cherry picked from commit 84aed4bba304f40feb32a5c09885350756ab2d1d)
++---
++ libknet/transport_udp.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c
++index 53d2ba0..be990bb 100644
++--- a/libknet/transport_udp.c
+++++ b/libknet/transport_udp.c
++@@ -337,6 +337,7 @@ static int read_errs_from_sock(knet_handle_t knet_h, int sockfd)
++ 									break;
++ 								} else {
++ 									knet_h->kernel_mtu = sock_err->ee_info;
+++									log_debug(knet_h, KNET_SUB_TRANSP_UDP, "detected kernel MTU: %u", knet_h->kernel_mtu);
++ 									pthread_mutex_unlock(&knet_h->kmtu_mutex);
++ 								}
++ 
+diff --git a/debian/patches/series b/debian/patches/series
+index e58890e..c5950b7 100644
+--- a/debian/patches/series
++++ b/debian/patches/series
+@@ -75,3 +75,7 @@ crypto-hide-errors-generated-by-openssl-1.1.1c.patch
+ doc-fix-a-merge-oversight-from-541d7faf9068d10e12b4278c35.patch
+ global-clarify-license-entry-per-file-to-match-README.lic.patch
+ global-update-copyrights.patch
++crypto-fix-log-information.patch
++udp-log-information-about-detected-kernel-MTU.patch
++docs-add-knet-packet-layout.patch
++PMTUd-fix-MTU-calculation-when-using-crypto-and-add-docs.patch
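Review bot: In the nested `libknet/threads_pmtud.c` hunk, the new `last_bad_mtu` branch computes `data_len = dst_link->last_bad_mtu - overhead_len - knet_h->sec_block_size - 1;` with no visible check that `last_bad_mtu` exceeds the terms subtracted from it. The declarations are outside the hunk, but if these are unsigned, a small `last_bad_mtu` wraps `data_len` to a very large value before `goto realign` or the later size check runs. `last_bad_mtu` presumably reflects earlier probe results, so it is shaped by what the network reports. A guard before the subtraction would make the bound explicit, for example `if (dst_link->last_bad_mtu <= overhead_len + knet_h->sec_block_size + 1) { return -1; }`, or whichever error path the function already uses. Separately, the `while (data_len + overhead_len >= max_mtu_len)` loop runs before salt and hash are added back, so it is worth confirming that the final `onwire_len` stays below `max_mtu_len`.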
diff --git a/patches/series b/patches/series
index 2c013fc..3f64ee5 100644
--- a/patches/series
+++ b/patches/series
@@ -3,3 +3,4 @@
 0003-cherry-pick-1.10-as-patches.patch
 0004-add-libzstd-dev-to-build-depends.patch
 0005-add-new-symbols-for-libknet-1.10.patch
+0006-cherry-pick-pmtud-fixes.patch
-- 
2.20.1



