From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id B9580A0588;
	Tue,  7 Apr 2020 14:41:09 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id A28D22B96;
	Tue,  7 Apr 2020 14:41:08 +0200 (CEST)
Received: from us-smtp-delivery-1.mimecast.com (us-smtp-2.mimecast.com
 [207.211.31.81]) by dpdk.org (Postfix) with ESMTP id 23ADA2B86
 for <dev@dpdk.org>; Tue,  7 Apr 2020 14:41:07 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1586263266;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=vLr0dBr2C6SNJlgTMX8uoTPSdvyIvizPjMxkF1tDuYM=;
 b=OrOqwCzYl7f3Q+6rqLAxhD3reUMN+TivOXJ9myN6UkDqPtdy8STVKHYvTzblezZeao9wtr
 SBDPkZ7PfjV3m8l48SHHn6xyuGeW1SKdCiThRuYKEef7NXNZnv9Q7nHGONMBVhFn5c6iHt
 6pPdxbmRHY7qQYOIdoVcHGexxBqcZkY=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-345-dmFo8yxTPD6sEyb0brqx7A-1; Tue, 07 Apr 2020 08:41:05 -0400
X-MC-Unique: dmFo8yxTPD6sEyb0brqx7A-1
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
 [10.5.11.13])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7E0DB1B18BC1;
 Tue,  7 Apr 2020 12:41:03 +0000 (UTC)
Received: from dhcp-25.97.bos.redhat.com (ovpn-116-136.phx2.redhat.com
 [10.3.116.136])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id 2F1999D37B;
 Tue,  7 Apr 2020 12:40:59 +0000 (UTC)
From: Aaron Conole <aconole@redhat.com>
To: "Ananyev\, Konstantin" <konstantin.ananyev@intel.com>
Cc: "dev\@dpdk.org" <dev@dpdk.org>, Sunil Kumar Kori <skori@marvell.com>,
 "Burakov\, Anatoly" <anatoly.burakov@intel.com>, Chas Williams <chas3@att.com>,
 "Richardson\, Bruce" <bruce.richardson@intel.com>,
 David Marchand <david.marchand@redhat.com>
References: <20200401131849.2209336-1-aconole@redhat.com>
 <20200401183917.3620845-1-aconole@redhat.com>
 <20200401183917.3620845-4-aconole@redhat.com>
 <BYAPR11MB25491810307D78BE1C241B579AC30@BYAPR11MB2549.namprd11.prod.outlook.com>
Date: Tue, 07 Apr 2020 08:40:58 -0400
In-Reply-To: <BYAPR11MB25491810307D78BE1C241B579AC30@BYAPR11MB2549.namprd11.prod.outlook.com>
 (Konstantin Ananyev's message of "Tue, 7 Apr 2020 10:43:15 +0000")
Message-ID: <f7t369fbh9h.fsf@dhcp-25.97.bos.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Subject: Re: [dpdk-dev] [PATCH v3 3/4] ip_frag: ipv6 fragments must not be
	resubmitted to fragmentation
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

"Ananyev, Konstantin" <konstantin.ananyev@intel.com> writes:

>> IPv6 only allows traffic source nodes to fragment,
>
> Yes.
>
>> so submitting
>> a packet with next header of IPPROTO_FRAGMENT would be invalid.
>
> If only source is allowed to fragment packet, then this check seems
> redundant, no?

Hrrm?  How so?  Is there something that prevents someone from calling
the library function twice?

> I can't imagine source calling fragment() twice for the same packet, and
> I don't see any point for us to check such situations.

Should we not check any error conditions at all?  I don't understand.

> Besides, strictly speaking the check below is insufficient,
> as fragmentation ext header could be not the first one.

You're right - we could probably walk next headers until we see one of
the auth header types or upper layer header as "next header".  I can
respin with that if you'd like.

> Konstantin
>
>>=20
>> Signed-off-by: Aaron Conole <aconole@redhat.com>
>> ---
>>  lib/librte_ip_frag/rte_ipv6_fragmentation.c | 4 ++++
>>  1 file changed, 4 insertions(+)
>>=20
>> diff --git a/lib/librte_ip_frag/rte_ipv6_fragmentation.c b/lib/librte_ip=
_frag/rte_ipv6_fragmentation.c
>> index 820a5dc725..aebcfa4325 100644
>> --- a/lib/librte_ip_frag/rte_ipv6_fragmentation.c
>> +++ b/lib/librte_ip_frag/rte_ipv6_fragmentation.c
>> @@ -106,6 +106,10 @@ rte_ipv6_fragment_packet(struct rte_mbuf *pkt_in,
>>=20
>>  =09in_hdr =3D rte_pktmbuf_mtod(pkt_in, struct rte_ipv6_hdr *);
>>=20
>> +=09/* Fragmenting a fragmented packet?! */
>> +=09if (unlikely(in_hdr->proto =3D=3D IPPROTO_FRAGMENT))
>> +=09=09return -ENOTSUP;
>> +
>>  =09in_seg =3D pkt_in;
>>  =09in_seg_data_pos =3D sizeof(struct rte_ipv6_hdr);
>>  =09out_pkt_pos =3D 0;
>> --
>> 2.25.1