net/sched: act_police: more accurate MTU policing
Davide Caratti authored
commit 4ddc844e

 upstream.

in current Linux, MTU policing does not take into account that packets at
the TC ingress have the L2 header pulled. Thus, the same TC police action
(with the same value of tcfp_mtu) behaves differently for ingress/egress.
In addition, the full GSO size is compared to tcfp_mtu: as a consequence,
the policer drops GSO packets even when individual segments have the L2 +
L3 + L4 + payload length below the configured valued of tcfp_mtu.

Improve the accuracy of MTU policing as follows:
 - account for mac_len for non-GSO packets at TC ingress.
 - compare MTU threshold with the segmented size for GSO packets.
Also, add a kselftest that verifies the correct behavior.
Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
Reviewed-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
7cbcf67c
Name Last commit Last update
..
6lowpan 6lowpan: iphc: Fix an off-by-one check of array index
802 net: 802: Use memset_startat() to clear struct fields
8021q vlan: move dev_put into vlan_dev_uninit
9p xen/9p: use alloc/free_pages_exact()
appletalk net: socket: rework compat_ifreq_ioctl()
atm proc: remove PDE_DATA() completely
ax25 ax25: Fix ax25 session cleanup problems
batman-adv batman-adv: Don't skb_split skbuffs with frag_list
bluetooth bluetooth: don't use bitmaps for random flag accesses
bpf bpf: Make remote_port field in struct bpf_sk_lookup 16-bit wide
bpfilter bpfilter: Specify the log level for the kmsg message
bridge net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
caif Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
can can: isotp: remove re-binding of bound socket
ceph libceph: fix potential use-after-free on linger ping and resends
core net, neigh: Set lower cap for neigh_managed_work rearming
dcb net: dcb: disable softirqs in dcbnl_flush_dev()
dccp dccp: Inline dccp_listen_start().
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
dns_resolver net: remove redundant 'depends on NET'
dsa net: dsa: flush switchdev workqueue on bridge join error path
ethernet gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers
ethtool ethtool: use phydev variable
hsr net: Write lock dev_base_lock without disabling bottom halves.
ieee802154 net: ieee802154: Return meaningful error codes from the netlink helpers
ife
ipv4
ipv6
iucv
kcm
key
l2tp
l3mdev
lapb
llc
mac80211
mac802154
mctp
mpls
mptcp
ncsi
netfilter
netlabel
netlink
netrom
nfc
nsh
openvswitch
packet
phonet
psample
qrtr
rds
rfkill
rose
rxrpc
sched
sctp
smc
strparser
sunrpc
switchdev
tipc
tls
unix
vmw_vsock
wireless
x25
xdp
xfrm
Kconfig
Kconfig.debug
Makefile
compat.c
devres.c
socket.c
sysctl_net.c