git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

author	Davide Caratti <dcaratti@redhat.com>
	Thu, 10 Feb 2022 17:56:08 +0000 (18:56 +0100)
committer	Stefan Bader <stefan.bader@canonical.com>
	Fri, 26 Aug 2022 08:53:16 +0000 (10:53 +0200)
commit	33522383c019235e9fe71e715ac492c2ef166e46
tree	4561c57962da7b466b8fdfcab825f723b5c4f40b	tree
parent	7f6afff4798646c573199a818b7177d3ef982e7d	commit \| diff

net/sched: act_police: more accurate MTU policing

BugLink: https://bugs.launchpad.net/bugs/1982968
commit 4ddc844eb81da59bfb816d8d52089aba4e59e269 upstream.

in current Linux, MTU policing does not take into account that packets at
the TC ingress have the L2 header pulled. Thus, the same TC police action
(with the same value of tcfp_mtu) behaves differently for ingress/egress.
In addition, the full GSO size is compared to tcfp_mtu: as a consequence,
the policer drops GSO packets even when individual segments have the L2 +
L3 + L4 + payload length below the configured valued of tcfp_mtu.

Improve the accuracy of MTU policing as follows:
- account for mac_len for non-GSO packets at TC ingress.
- compare MTU threshold with the segmented size for GSO packets.
Also, add a kselftest that verifies the correct behavior.

Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

net/sched/act_police.c		diff \| blob \| blame \| history
tools/testing/selftests/net/forwarding/tc_police.sh		diff \| blob \| blame \| history