| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Jan 2010 14:55:10 -0800
From: Maciej Żenczykowski <zenczykowski@...il.com>
To: David Miller <davem@...emloft.net>
Cc: lorenzo@...gle.com, therbert@...gle.com, netdev@...r.kernel.org
Subject: Re: [PATCH] IPv6: fix rt_lookup in pmtu_discovery
David, could you comment on this?
2010/1/13 Maciej Żenczykowski <zenczykowski@...il.com>:
> I believe you are looking for the following patch.
>
> I don't think it solves the problem of source based routing to any
> (significantly) greater extent than the previous patch.
> That would actually require iterating over all IPs assigned to any
> interface on our machine.
>
> However, I really don't understand the code (nor the precise issues
> involved) sufficiently well to be certain of that.
>
> I actually think the ipv4 code path suffers from a very similar problem.
>
> Mind you - I don't think these issues are really significant problems,
> because they just mean we do PMTU once per (dest ip, src ip) instead
> of once per (dest ip).
>
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index c2bd74c..dd8e3b3 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -1562,14 +1562,13 @@ out:
> * i.e. Path MTU discovery
> */
>
> -void rt6_pmtu_discovery(struct in6_addr *daddr, struct in6_addr *saddr,
> - struct net_device *dev, u32 pmtu)
> +static void rt6_do_pmtu_disc(struct in6_addr *daddr, struct in6_addr *saddr,
> + struct net *net, u32 pmtu, int ifindex)
> {
> struct rt6_info *rt, *nrt;
> - struct net *net = dev_net(dev);
> int allfrag = 0;
>
> - rt = rt6_lookup(net, daddr, saddr, dev->ifindex, 0);
> + rt = rt6_lookup(net, daddr, saddr, ifindex, 0);
> if (rt == NULL)
> return;
>
> @@ -1637,6 +1636,31 @@ out:
> dst_release(&rt->u.dst);
> }
>
> +void rt6_pmtu_discovery(struct in6_addr *daddr, struct in6_addr *saddr,
> + struct net_device *dev, u32 pmtu)
> +{
> + struct net *net = dev_net(dev);
> +
> + /*
> + * RFC 1981 states that a node "MUST reduce the size of the packets it
> + * is sending along the path" that caused the Packet Too Big message.
> + * Since it's not possible in the general case to determine which
> + * interface was used to send the original packet, we update the MTU
> + * on the interface that will be used to send future packets. We also
> + * update the MTU on the interface that received the Packet Too Big in
> + * case the original packet was forced out that interface with
> + * SO_BINDTODEVICE or similar. This is the next best thing to the
> + * correct behaviour, which would be to update the MTU on all
> + * interfaces.
> + */
> + rt6_do_pmtu_disc(daddr, saddr, net, pmtu, 0);
> + rt6_do_pmtu_disc(daddr, saddr, net, pmtu, dev->ifindex);
> + /* also support source address based routing */
> + rt6_do_pmtu_disc(daddr, NULL, net, pmtu, 0);
> + rt6_do_pmtu_disc(daddr, NULL, net, pmtu, dev->ifindex);
> +}
> +
> +
> /*
> * Misc support functions
> */
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists