gre: Workarounds for large packets over GRE

The first change is to not propagate the IP DF bit from the inner
packet to the outer packet.  Large TCP packets can get segmented
first which will set the DF bit.  However these segmented packets
might still be too large after the GRE header is added, requiring
fragmentation.

The second change is to raise the MTU of the GRE tunnel device.
This prevents packets from being dropped in the datapath before
they can be fragmented.  Since the datapath is layer 2 it does not
do any fragmentation and drops any packets that are too large.

Both of these are temporary workarounds that need to be addressed
more carefully in the future.

Bug #2379

diff --git a/datapath/linux-2.6/compat-2.6/ip_gre.c b/datapath/linux-2.6/compat-2.6/ip_gre.c
index 246e864e08bab258f91043786910c64a5ee12c19..5a4b98baf20e719285dd2d64f5694a55957cb202 100644 (file)
--- a/datapath/linux-2.6/compat-2.6/ip_gre.c
+++ b/datapath/linux-2.6/compat-2.6/ip_gre.c
@@ -815,6 +815,9 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
        if (skb_dst(skb))
                skb_dst(skb)->ops->update_pmtu(skb_dst(skb), mtu);
 
+       /* XXX: Temporarily allow fragmentation since DF doesn't
+        * do the right thing with bridging. */
+/*
        if (skb->protocol == htons(ETH_P_IP)) {
                df |= (old_iph->frag_off&htons(IP_DF));
 
@@ -845,7 +848,7 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
                }
        }
 #endif
-
+*/
        if (tunnel->err_count > 0) {
                if (time_before(jiffies,
                                tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
@@ -1008,6 +1011,10 @@ static int ipgre_tunnel_bind_dev(struct net_device *dev)
        if (mtu < 68)
                mtu = 68;
 
+       /* XXX: Set MTU to the maximum possible value.  If we are bridged to a
+       * device with a larger MTU then packets will be dropped. */
+       mtu = 65482;
+
        return mtu;
 }