batman-adv: backport a few maint patches
In particular, this fixes packages of a certain range of sizes not being transmitted correctly, leading to hanging TCP connections.
This commit is contained in:
Matthias Schiffer
parent
52b83b27e8
commit
b7eeef9b04
@ -0,0 +1,195 @@
|
||||
From: Matthias Schiffer <mschiffer@universe-factory.net>
|
||||
Date: Thu, 9 Mar 2017 19:00:12 +0100
|
||||
Subject: batman-adv: backport a few maint patches
|
||||
|
||||
In particular, this fixes packages of a certain range of sizes not being
|
||||
transmitted correctly, leading to hanging TCP connections.
|
||||
|
||||
diff --git a/batman-adv/patches/1003-batman-adv-Fix-double-free-during-fragment-merge-err.patch b/batman-adv/patches/1003-batman-adv-Fix-double-free-during-fragment-merge-err.patch
|
||||
new file mode 100644
|
||||
index 0000000000000000000000000000000000000000..4d754ecda1451b5c3e25f74da97fab18b7a93c87
|
||||
--- /dev/null
|
||||
+++ b/batman-adv/patches/1003-batman-adv-Fix-double-free-during-fragment-merge-err.patch
|
||||
@@ -0,0 +1,64 @@
|
||||
+From bcb7b6149bd9d1f41dae01ab47e74b8a931a650f Mon Sep 17 00:00:00 2001
|
||||
+Message-Id: <bcb7b6149bd9d1f41dae01ab47e74b8a931a650f.1489082249.git.mschiffer@universe-factory.net>
|
||||
+From: Sven Eckelmann <sven@narfation.org>
|
||||
+Date: Sun, 12 Feb 2017 11:26:33 +0100
|
||||
+Subject: [PATCH] batman-adv: Fix double free during fragment merge error
|
||||
+
|
||||
+The function batadv_frag_skb_buffer was supposed not to consume the skbuff
|
||||
+on errors. This was followed in the helper function
|
||||
+batadv_frag_insert_packet when the skb would potentially be inserted in the
|
||||
+fragment queue. But it could happen that the next helper function
|
||||
+batadv_frag_merge_packets would try to merge the fragments and fail. This
|
||||
+results in a kfree_skb of all the enqueued fragments (including the just
|
||||
+inserted one). batadv_recv_frag_packet would detect the error in
|
||||
+batadv_frag_skb_buffer and try to free the skb again.
|
||||
+
|
||||
+The behavior of batadv_frag_skb_buffer (and its helper
|
||||
+batadv_frag_insert_packet) must therefore be changed to always consume the
|
||||
+skbuff to have a common behavior and avoid the double kfree_skb.
|
||||
+
|
||||
+Fixes: 9b3eab61754d ("batman-adv: Receive fragmented packets and merge")
|
||||
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
|
||||
+---
|
||||
+ net/batman-adv/fragmentation.c | 8 +++++---
|
||||
+ 1 file changed, 5 insertions(+), 3 deletions(-)
|
||||
+
|
||||
+diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
|
||||
+index 65536db1..c3e293a3 100644
|
||||
+--- a/net/batman-adv/fragmentation.c
|
||||
++++ b/net/batman-adv/fragmentation.c
|
||||
+@@ -233,8 +233,10 @@ err_unlock:
|
||||
+ spin_unlock_bh(&chain->lock);
|
||||
+
|
||||
+ err:
|
||||
+- if (!ret)
|
||||
++ if (!ret) {
|
||||
+ kfree(frag_entry_new);
|
||||
++ kfree_skb(skb);
|
||||
++ }
|
||||
+
|
||||
+ return ret;
|
||||
+ }
|
||||
+@@ -305,7 +307,7 @@ free:
|
||||
+ *
|
||||
+ * There are three possible outcomes: 1) Packet is merged: Return true and
|
||||
+ * set *skb to merged packet; 2) Packet is buffered: Return true and set *skb
|
||||
+- * to NULL; 3) Error: Return false and leave skb as is.
|
||||
++ * to NULL; 3) Error: Return false and free skb.
|
||||
+ *
|
||||
+ * Return: true when packet is merged or buffered, false when skb is not not
|
||||
+ * used.
|
||||
+@@ -330,9 +332,9 @@ bool batadv_frag_skb_buffer(struct sk_buff **skb,
|
||||
+ goto out_err;
|
||||
+
|
||||
+ out:
|
||||
+- *skb = skb_out;
|
||||
+ ret = true;
|
||||
+ out_err:
|
||||
++ *skb = skb_out;
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
+--
|
||||
+2.12.0
|
||||
+
|
||||
diff --git a/batman-adv/patches/1004-batman-adv-Keep-fragments-equally-sized.patch b/batman-adv/patches/1004-batman-adv-Keep-fragments-equally-sized.patch
|
||||
new file mode 100644
|
||||
index 0000000000000000000000000000000000000000..431c0b4a1a722c4c2ebae390bc0c90be18966023
|
||||
--- /dev/null
|
||||
+++ b/batman-adv/patches/1004-batman-adv-Keep-fragments-equally-sized.patch
|
||||
@@ -0,0 +1,112 @@
|
||||
+From 450247570eacc8b6cf5484fe61c50eff804c6416 Mon Sep 17 00:00:00 2001
|
||||
+Message-Id: <450247570eacc8b6cf5484fe61c50eff804c6416.1489082253.git.mschiffer@universe-factory.net>
|
||||
+From: Sven Eckelmann <sven@narfation.org>
|
||||
+Date: Sat, 4 Mar 2017 17:29:25 +0100
|
||||
+Subject: [PATCH] batman-adv: Keep fragments equally sized
|
||||
+MIME-Version: 1.0
|
||||
+Content-Type: text/plain; charset=UTF-8
|
||||
+Content-Transfer-Encoding: 8bit
|
||||
+
|
||||
+The batman-adv fragmentation packets have the design problem that they
|
||||
+cannot be refragmented and cannot handle padding by the underlying link.
|
||||
+The latter often leads to problems when networks are incorrectly configured
|
||||
+and don't use a common MTU.
|
||||
+
|
||||
+The sender could for example fragment a 1271 byte frame (plus external
|
||||
+ethernet header (14) and batadv unicast header (10)) to fit in a 1280 bytes
|
||||
+large MTU of the underlying link (max. 1294 byte frames). This would create
|
||||
+a 1294 bytes large frame (fragment 2) and a 55 bytes large frame
|
||||
+(fragment 1). The extra 54 bytes are the fragment header (20) added to each
|
||||
+fragment and the external ethernet header (14) for the second fragment.
|
||||
+
|
||||
+Let us assume that the next hop is then not able to transport 1294 bytes to
|
||||
+its next hop. The 1294 byte large frame will be dropped but the 55 bytes
|
||||
+large fragment will still be forwarded to its destination.
|
||||
+
|
||||
+Or let us assume that the underlying hardware requires that each frame has
|
||||
+a minimum size (e.g. 60 bytes). Then it will pad the 55 bytes frame to 60
|
||||
+bytes. The receiver of the 60 bytes frame will no longer be able to
|
||||
+correctly assemble the two frames together because it is not aware that 5
|
||||
+bytes of the 60 bytes frame are padding and don't belong to the reassembled
|
||||
+frame.
|
||||
+
|
||||
+This can partly be avoided by splitting frames more equally. In this
|
||||
+example, the 675 and 674 bytes large fragment frames could both potentially
|
||||
+reach its destination without being too large or too small.
|
||||
+
|
||||
+Reported-by: Martin Weinelt <martin@darmstadt.freifunk.net>
|
||||
+Fixes: db56e4ecf5c2 ("batman-adv: Fragment and send skbs larger than mtu")
|
||||
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
|
||||
+Acked-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
||||
+Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
|
||||
+---
|
||||
+ net/batman-adv/fragmentation.c | 20 +++++++++++++-------
|
||||
+ 1 file changed, 13 insertions(+), 7 deletions(-)
|
||||
+
|
||||
+diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
|
||||
+index c3e293a3..89882ed7 100644
|
||||
+--- a/net/batman-adv/fragmentation.c
|
||||
++++ b/net/batman-adv/fragmentation.c
|
||||
+@@ -396,7 +396,7 @@ out:
|
||||
+ * batadv_frag_create - create a fragment from skb
|
||||
+ * @skb: skb to create fragment from
|
||||
+ * @frag_head: header to use in new fragment
|
||||
+- * @mtu: size of new fragment
|
||||
++ * @fragment_size: size of new fragment
|
||||
+ *
|
||||
+ * Split the passed skb into two fragments: A new one with size matching the
|
||||
+ * passed mtu and the old one with the rest. The new skb contains data from the
|
||||
+@@ -406,11 +406,11 @@ out:
|
||||
+ */
|
||||
+ static struct sk_buff *batadv_frag_create(struct sk_buff *skb,
|
||||
+ struct batadv_frag_packet *frag_head,
|
||||
+- unsigned int mtu)
|
||||
++ unsigned int fragment_size)
|
||||
+ {
|
||||
+ struct sk_buff *skb_fragment;
|
||||
+ unsigned int header_size = sizeof(*frag_head);
|
||||
+- unsigned int fragment_size = mtu - header_size;
|
||||
++ unsigned int mtu = fragment_size + header_size;
|
||||
+
|
||||
+ skb_fragment = netdev_alloc_skb(NULL, mtu + ETH_HLEN);
|
||||
+ if (!skb_fragment)
|
||||
+@@ -448,7 +448,7 @@ bool batadv_frag_send_packet(struct sk_buff *skb,
|
||||
+ struct sk_buff *skb_fragment;
|
||||
+ unsigned int mtu = neigh_node->if_incoming->net_dev->mtu;
|
||||
+ unsigned int header_size = sizeof(frag_header);
|
||||
+- unsigned int max_fragment_size, max_packet_size;
|
||||
++ unsigned int max_fragment_size, num_fragments;
|
||||
+ bool ret = false;
|
||||
+
|
||||
+ /* To avoid merge and refragmentation at next-hops we never send
|
||||
+@@ -456,10 +456,15 @@ bool batadv_frag_send_packet(struct sk_buff *skb,
|
||||
+ */
|
||||
+ mtu = min_t(unsigned int, mtu, BATADV_FRAG_MAX_FRAG_SIZE);
|
||||
+ max_fragment_size = mtu - header_size;
|
||||
+- max_packet_size = max_fragment_size * BATADV_FRAG_MAX_FRAGMENTS;
|
||||
++
|
||||
++ if (skb->len == 0 || max_fragment_size == 0)
|
||||
++ return -EINVAL;
|
||||
++
|
||||
++ num_fragments = (skb->len - 1) / max_fragment_size + 1;
|
||||
++ max_fragment_size = (skb->len - 1) / num_fragments + 1;
|
||||
+
|
||||
+ /* Don't even try to fragment, if we need more than 16 fragments */
|
||||
+- if (skb->len > max_packet_size)
|
||||
++ if (num_fragments > BATADV_FRAG_MAX_FRAGMENTS)
|
||||
+ goto out_err;
|
||||
+
|
||||
+ bat_priv = orig_node->bat_priv;
|
||||
+@@ -480,7 +485,8 @@ bool batadv_frag_send_packet(struct sk_buff *skb,
|
||||
+
|
||||
+ /* Eat and send fragments from the tail of skb */
|
||||
+ while (skb->len > max_fragment_size) {
|
||||
+- skb_fragment = batadv_frag_create(skb, &frag_header, mtu);
|
||||
++ skb_fragment = batadv_frag_create(skb, &frag_header,
|
||||
++ max_fragment_size);
|
||||
+ if (!skb_fragment)
|
||||
+ goto out_err;
|
||||
+
|
||||
+--
|
||||
+2.12.0
|
||||
+
|
||||
Loading…
Reference in New Issue
Block a user