• Vlad Yasevich's avatar
    net: Always untag vlan-tagged traffic on input. · f55ef858
    Vlad Yasevich authored
    [ Upstream commit 0d5501c1 ]
    
    Currently the functionality to untag traffic on input resides
    as part of the vlan module and is build only when VLAN support
    is enabled in the kernel.  When VLAN is disabled, the function
    vlan_untag() turns into a stub and doesn't really untag the
    packets.  This seems to create an interesting interaction
    between VMs supporting checksum offloading and some network drivers.
    
    There are some drivers that do not allow the user to change
    tx-vlan-offload feature of the driver.  These drivers also seem
    to assume that any VLAN-tagged traffic they transmit will
    have the vlan information in the vlan_tci and not in the vlan
    header already in the skb.  When transmitting skbs that already
    have tagged data with partial checksum set, the checksum doesn't
    appear to be updated correctly by the card thus resulting in a
    failure to establish TCP connections.
    
    The following is a packet trace taken on the receiver where a
    sender is a VM with a VLAN configued.  The host VM is running on
    doest not have VLAN support and the outging interface on the
    host is tg3:
    10:12:43.503055 52:54:00:ae:42:3f > 28:d2:44:7d:c2:de, ethertype 802.1Q
    (0x8100), length 78: vlan 100, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 27243,
    offset 0, flags [DF], proto TCP (6), length 60)
        10.0.100.1.58545 > 10.0.100.10.ircu-2: Flags [S], cksum 0xdc39 (incorrect
    -> 0x48d9), seq 1069378582, win 29200, options [mss 1460,sackOK,TS val
    4294837885 ecr 0,nop,wscale 7], length 0
    10:12:44.505556 52:54:00:ae:42:3f > 28:d2:44:7d:c2:de, ethertype 802.1Q
    (0x8100), length 78: vlan 100, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 27244,
    offset 0, flags [DF], proto TCP (6), length 60)
        10.0.100.1.58545 > 10.0.100.10.ircu-2: Flags [S], cksum 0xdc39 (incorrect
    -> 0x44ee), seq 1069378582, win 29200, options [mss 1460,sackOK,TS val
    4294838888 ecr 0,nop,wscale 7], length 0
    
    This connection finally times out.
    
    I've only access to the TG3 hardware in this configuration thus have
    only tested this with TG3 driver.  There are a lot of other drivers
    that do not permit user changes to vlan acceleration features, and
    I don't know if they all suffere from a similar issue.
    
    The patch attempt to fix this another way.  It moves the vlan header
    stipping code out of the vlan module and always builds it into the
    kernel network core.  This way, even if vlan is not supported on
    a virtualizatoin host, the virtual machines running on top of such
    host will still work with VLANs enabled.
    
    CC: Patrick McHardy <kaber@trash.net>
    CC: Nithin Nayak Sujir <nsujir@broadcom.com>
    CC: Michael Chan <mchan@broadcom.com>
    CC: Jiri Pirko <jiri@resnulli.us>
    Signed-off-by: default avatarVladislav Yasevich <vyasevic@redhat.com>
    Acked-by: default avatarJiri Pirko <jiri@resnulli.us>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
    f55ef858
br_vlan.c 9.13 KB