lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Mon, 29 Oct 2007 21:11:44 -0400
From:	"Bruno Clermont" <bruno.clermont@...oe.ca>
To:	netdev@...r.kernel.org
Subject: Fwd: Bug with tun0 and VLAN

Hi,

I previously contacted tun driver maintainer about a bug I found and
he suggested me to forward this to you.
so, look like there is a bug in the kernel when the VLAN code is
dealing with an interface like the tun interface.

see forwarded my original mail and Max reply.

thanks!

---------- Forwarded message ----------
From: Max Krasnyansky <maxk@...lcomm.com>
Date: Oct 29, 2007 8:29 PM
Subject: Re: Bug with tun0 and VLAN
To: Bruno Clermont <bruno.clermont@...il.com>

Hi Bruno,

> Hi,
>
> I'm writing to you, because you seem to be the maintainer of the tun driver.
>
> I hit a bug lately. I was testing this scenario:
>
> [Server1][eth0]-------(Internet)----------[eth0][Server2]
>
> I want to be able to route traffic for many VLAN into a single tunnel
> instead of invoking 1 openvpn process per VLAN. so, I tried to add VLAN
> to tun interface.
>
> I create an OpenVPN tunnel between Server1 and 2, this part work. the
> tun0 is going up. I use heavily openvpn and I'm sure of me on this part.
> I made sure openvpn did not set any IP on the tunnel.
>
> So, I added the vlan to the tun interface on both server:
>
> ifconfig tun0 up
> vconfig add tun0 1
> vconfig add tun1 2
>
> on server1:
> ifconfig tun0.1 10.0.0.1 <http://10.0.0.1> netmask 255.255.255.0
> <http://255.255.255.0> up
> ifconfig tun0.1 10.0.1.1 <http://10.0.1.1> netmask 255.255.255.0
> <http://255.255.255.0> up
>
> on server2:
> ifconfig tun0.1 10.0.0.2 <http://10.0.0.2> netmask 255.255.255.0
> <http://255.255.255.0> up
> ifconfig tun0.1 10.0.1.2 <http://10.0.1.2> netmask 255.255.255.0
> <http://255.255.255.0> up
>
> Trying to ping the other end of the tun/vlan make the kernel panic on
> the host that try to ping.
> I tried on Ubuntu Feisty and Gutsy (2.6.22) and they both crash.
>
> I tried it severals times on different host and it seem that combining
> VLAN and tun interface crash the kernel.
> it's easy to reproduce.
>
> Is it a tun driver issue? VLAN code issue? some other part of the
> kernel? I don't know.
>
> your my first attempt of communication for this issue... If it's not
> supported, at least the kernel should not panic!

Actually TUN is a point to point device, it does not have Ethernet MAC
headers. In other words VLANs would never work over TUN.
I agree though that it should not crash. So it's better to report this to
netdev mailing list. Basically VLAN code should outright refuse to attach
to TUN devices.

Max
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ