| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Sep 2013 19:03:45 +0200 From: Hannes Frederic Sowa <hannes@...essinduktion.org> To: Oussama Ghorbel <oghorbell@...il.com> Cc: "David S. Miller" <davem@...emloft.net>, Alexey Kuznetsov <kuznet@....inr.ac.ru>, James Morris <jmorris@...ei.org>, Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>, Patrick McHardy <kaber@...sh.net>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] IPv6: Allow the MTU of ipip6 tunnel to be set below 1280 On Fri, Sep 27, 2013 at 05:36:45PM +0100, Oussama Ghorbel wrote: > Please see my comments below > > Regards, > Oussama > > On Fri, Sep 27, 2013 at 11:58 AM, Hannes Frederic Sowa > <hannes@...essinduktion.org> wrote: > > On Fri, Sep 27, 2013 at 11:45:48AM +0100, Oussama Ghorbel wrote: > >> The ip6_tunnel.c module would be then dependent on ip_tunnel.c and may > >> be it would not be good thing? > > > > It could just be a static inline in some shared header. So there would > > be no compile-time dependency. > > > > The higher limit of mtu in ip_tunnel_change_mtu() is a calculated value. > This high limit is calculated using the netdev priv struct ip_tunnel > (field hlen). > This netdev priv struct is different in ipv6, it's a ip6_tnl struct. > Therefore implementing a beautiful function like > ip_tunnel_valid_mtu(struct net_device *dev, int mtu) won't be > feasible, unless we implement it in macro or something like like > ip_tunnel_valid_mtu(struct net_device *dev, int hlen, int mtu) which > seems not very nice ... > What do yo think? Ok, let's go with one function per protocol type. Seems easier. It seems to get more hairy, because it depends on the tunnel driver if the prepended ip header is accounted in hard_header_len. :/ I don't know if it works out cleanly. Otherwise I would be ok if the checks just get repeated in ip6_tunnel and leave the rest as-is. > > >> As I have check in v3.10 there is no call from ip6_tunnel to ip_tunnel... > >> > >> For information, there is no check for the maximum MTU for ipv4 in the > >> patch as this is not done for ipv6. > > > > I understand, but it would be better to limit the MTU here. There is a > > (non-jumo) IPV6_MAXPLEN constant. > > > > Looking through the source it seems grev6 does actually check this, > > so it would not hurt adding them here, too. > > what if jumbograms is used, in that case, we can't use IPV6_MAXPLEN. > the limit would be the the full unsigned int. > However checking the higher limit for ipv4 would be useful. Linux currently cannot create "jumbograms" (only the receiving side is supported). > Please also note in case the tunnel mode is any (ipv4 or ipv6 means > ip6_tnl.parms.proto = 0), then we will be required to take the most > restrict limit from both ipv4 and ipv6 which means the lower limit > will be 1280 and the higher limit will be about 65535 > Do you agree on this? Agreed, this would be needed for e.g. the sit driver, which now can handle both protocols. Thanks, Hannes -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists