lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 06 Jun 2011 09:38:19 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Steffen Klassert <steffen.klassert@...unet.com> Cc: David Miller <davem@...emloft.net>, Herbert Xu <herbert@...dor.apana.org.au>, netdev@...r.kernel.org Subject: Re: [PATCH 2/3] ipv4: Fix packet size calculation for IPsec packets in __ip_append_data Le lundi 06 juin 2011 à 08:48 +0200, Steffen Klassert a écrit : > Git commit 59104f06 (ip: take care of last fragment in ip_append_data) > added a check to see if we exceed the mtu when we add trailer_len. > However, the mtu is already subtracted by trailer_len when the > xfrm transfomation bundles are set up. So IPsec packets with mtu > size get fragmented, or if the DF bit is set the packets will not > be send even though they match the mtu perfectly fine. This patch > actually reverts commit 59104f06. > > Signed-off-by: Steffen Klassert <steffen.klassert@...unet.com> > --- Woh, I am afraid I wont have time in following days to check your assertion. What about original problem then, how should we fix it ? We do have some cases where at least one fragment (the last one) is oversized. I remember I used Nick Bowler scripts at that time, I might find them again... [PATCH] ip : take care of last fragment in ip_append_data While investigating a bit, I found ip_fragment() slow path was taken because ip_append_data() provides following layout for a send(MTU + N*(MTU - 20)) syscall : - one skb with 1500 (mtu) bytes - N fragments of 1480 (mtu-20) bytes (before adding IP header) last fragment gets 17 bytes of trail data because of following bit: if (datalen == length + fraggap) alloclen += rt->dst.trailer_len; Then esp4 adds 16 bytes of data (while trailer_len is 17... hmm... another bug ?) In ip_fragment(), we notice last fragment is too big (1496 + 20) > mtu, so we take slow path, building another skb chain. In order to avoid taking slow path, we should correct ip_append_data() to make sure last fragment has real trail space, under mtu... Signed-off-by: Eric Dumazet <eric.dumazet@...il.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists