| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Nov 2011 15:38:44 +0100
From: Eric Dumazet <eric.dumazet@...il.com>
To: Jesse Young <jlyo@...o.org>
Cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: Missing TCP SYN on loopback, retransmits after 1s
Le mardi 22 novembre 2011 à 18:37 -0600, Jesse Young a écrit :
> On Tue, 22 Nov 2011 19:23:38 -0500 (EST)
> David Miller <davem@...emloft.net> wrote:
>
> > From: Jesse Young <jlyo@...o.org>
> > Date: Tue, 22 Nov 2011 18:13:20 -0600
> >
> > > What's also puzzling, is that I see no packet drop reporting in
> > > $ ifconfig lo
> > > lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436 metric 1
> > > inet 127.0.0.1 netmask 255.0.0.0
> > > inet6 ::1 prefixlen 128 scopeid 0x10<host>
> > > loop txqueuelen 0 (Local Loopback)
> > > RX packets 276411482 bytes 15822880567 (14.7 GiB)
> > > RX errors 0 dropped 0 overruns 0 frame 0
> > > TX packets 276411482 bytes 15822880567 (14.7 GiB)
> > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions
> >
> > The device driver therefore isn't even seeing the packets, they are
> > being dropped elsewhere.
> >
> > Why is this "puzzling"?
> >
> > There's layers upon layers and thousands of places where packets can
> > be dropped between the originating network stack and the actual device
> > driver.
>
> Maybe puzzling isn't the best word... just some more relevant
> information. Also, this is the loopback interface, there is no device
> driver, PHY or DLL layer in question here (just the loopback's mock
> driver/PHY/DLL).
>
> I presume that the drop is occuring in between the NET layer, and the sys
> call interface, do you agree? Where should I begin looking?
> --
Here is the patch to solve this IPv6 problem, thanks a lot for the
report !
[PATCH] ipv6: tcp: fix tcp_v6_conn_request()
Since linux 2.6.26 (commit c6aefafb7ec6 : Add IPv6 support to TCP SYN
cookies), we can drop a SYN packet reusing a TIME_WAIT socket.
(As a matter of fact we fail to send the SYNACK answer)
As the client resends its SYN packet after a one second timeout, we
accept it, because first packet removed the TIME_WAIT socket before
being dropped.
This probably explains why nobody ever noticed or complained.
Reported-by: Jesse Young <jlyo@...o.org>
Signed-off-by: Eric Dumazet <eric.dumazet@...il.com>
---
net/ipv6/tcp_ipv6.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 36131d1..2dea4bb 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1255,6 +1255,13 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
if (!want_cookie || tmp_opt.tstamp_ok)
TCP_ECN_create_request(req, tcp_hdr(skb));
+ treq->iif = sk->sk_bound_dev_if;
+
+ /* So that link locals have meaning */
+ if (!sk->sk_bound_dev_if &&
+ ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
+ treq->iif = inet6_iif(skb);
+
if (!isn) {
struct inet_peer *peer = NULL;
@@ -1264,12 +1271,6 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
atomic_inc(&skb->users);
treq->pktopts = skb;
}
- treq->iif = sk->sk_bound_dev_if;
-
- /* So that link locals have meaning */
- if (!sk->sk_bound_dev_if &&
- ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
- treq->iif = inet6_iif(skb);
if (want_cookie) {
isn = cookie_v6_init_sequence(sk, skb, &req->mss);
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists