| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 07 Jun 2011 07:06:57 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Steffen Klassert <steffen.klassert@...unet.com> Cc: David Miller <davem@...emloft.net>, Herbert Xu <herbert@...dor.apana.org.au>, netdev@...r.kernel.org Subject: Re: [PATCH 2/3] ipv4: Fix packet size calculation for IPsec packets in __ip_append_data Le lundi 06 juin 2011 à 10:52 +0200, Steffen Klassert a écrit : > On Mon, Jun 06, 2011 at 09:38:19AM +0200, Eric Dumazet wrote: > > > > Woh, I am afraid I wont have time in following days to check your > > assertion. > > My test setup was the following: > > I use an IPsec tunnel with tunnel endpoints 192.168.1.1 and 192.168.1.2 > > Then I do at 192.168.1.2 > > ping -c1 -M do -s 1410 192.168.1.1 > > PING 192.168.1.1 (192.168.1.1) 1410(1438) bytes of data. > From 192.168.1.2 icmp_seq=1 Frag needed and DF set (mtu = 1438) > > --- 192.168.1.1 ping statistics --- > 0 packets transmitted, 0 received, +1 errors > > So the packet matches the mtu but it is not send. > I used a kernel with your patch as head commit. > > Reverting your patch (going one commit deeper in the history): > > ping -c1 -M do -s 1410 192.168.1.1 > > PING 192.168.1.1 (192.168.1.1) 1410(1438) bytes of data. > 1418 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=3.01 ms > > --- 192.168.1.1 ping statistics --- > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > rtt min/avg/max/mdev = 3.014/3.014/3.014/0.000 ms > > > > > What about original problem then, how should we fix it ? > > > > Hm, I don't know. I'll try to reproduce it here. > > > We do have some cases where at least one fragment (the last one) is > > oversized. > > trailer_len is used only on IPsec so the poroblem exists only when > using IPsec, right? > > > > > I remember I used Nick Bowler scripts at that time, I might find them > > again... > > Would be nice if you could provide these scripts and some informations > on how to reproduce the problem. > Nick mail was : http://www.spinics.net/lists/netdev/msg141308.html Unfortunatly I could not find on my machines where I put my own scripts... Not a big deal, I suspect we can revert my commit if you say it added a regression :) Thanks -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists