Merged
Conversation
According to source code, kernel uses MTU from skb->_skb_refdst. Let pwru collect MTU from there using the same logic. It requires to cast skb->_skb_refdst to dst_entry*, then fetch dst_metric_raw(dst, RTAX_MTU) and dst->dev->mtu. ``` // https://elixir.bootlin.com/linux/v6.5/source/net/ipv4/ip_forward.c#L86 // net/ipv4/ip_forward.c int ip_forward(struct sk_buff *skb) { [...] rt = skb_rtable(skb); [...] mtu = ip_dst_mtu_maybe_forward(&rt->dst, true); if (ip_exceeds_mtu(skb, mtu)) { IP_INC_STATS(net, IPSTATS_MIB_FRAGFAILS); icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); SKB_DR_SET(reason, PKT_TOO_BIG); goto drop; } [...] } // include/linux/skbuff.h static inline struct rtable *skb_rtable(const struct sk_buff *skb) { return (struct rtable *)skb_dst(skb); } // include/linux/skbuff.h static inline struct dst_entry *skb_dst(const struct sk_buff *skb) { [...] return (struct dst_entry *)(skb->_skb_refdst & SKB_DST_PTRMASK); } // include/net/ip.h static inline unsigned int ip_dst_mtu_maybe_forward(const struct dst_entry *dst, bool forwarding) { [...] mtu = dst_metric_raw(dst, RTAX_MTU); if (mtu) goto out; mtu = READ_ONCE(dst->dev->mtu); [...] } // include/net/dst.h ((u32 *)((Y) & ~DST_METRICS_FLAGS)) ``` With this patch, pwru can output the correct MTU used by OS. Case 1: Cilium could reduce the route MTU to 1423 inside a pod. This can't be detected by pwru because it only checks link MTU. Case 2: Xfrm could reduce the route MTU to 1446 in ip_forward(). Pwru must inspect route MTU from skb->_skb_dstref to understand that. Signed-off-by: gray <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
According to source code, kernel uses MTU from skb->_skb_refdst. Let pwru collect MTU from there using the same logic.
It requires to cast skb->_skb_refdst to dst_entry*, then fetch dst_metric_raw(dst, RTAX_MTU) and dst->dev->mtu.
With this patch, pwru can output the correct MTU used by OS.
Case 1: Cilium could reduce the route MTU to 1423 inside a pod. This couldn't be detected by pwru until this patch because it only checked link MTU.
Case 2: Xfrm could reduce the route MTU to 1446 in ip_forward(). Pwru must inspect route MTU from skb->_skb_dstref to understand that, this patch makes it happen.