• Ben Hutchings's avatar
    drivers/net: Disable UFO through virtio · a8767147
    Ben Hutchings authored
    commit 3d0ad094 upstream.
    
    IPv6 does not allow fragmentation by routers, so there is no
    fragmentation ID in the fixed header.  UFO for IPv6 requires the ID to
    be passed separately, but there is no provision for this in the virtio
    net protocol.
    
    Until recently our software implementation of UFO/IPv6 generated a new
    ID, but this was a bug.  Now we will use ID=0 for any UFO/IPv6 packet
    passed through a tap, which is even worse.
    
    Unfortunately there is no distinction between UFO/IPv4 and v6
    features, so disable UFO on taps and virtio_net completely until we
    have a proper solution.
    
    We cannot depend on VM managers respecting the tap feature flags, so
    keep accepting UFO packets but log a warning the first time we do
    this.
    Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
    Fixes: 916e4cf4 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data")
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
    a8767147
tun.c 54.7 KB