lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 09 Feb 2014 00:17:15 +0100 From: Wolfgang Walter <linux@...m.de> To: netdev@...r.kernel.org, Hannes Frederic Sowa <hannes@...essinduktion.org> Subject: Re: linux 3.13: problems with isatap tunnel device and UFO Am Freitag, 7. Februar 2014, 23:22:27 schrieb Hannes Frederic Sowa: > Hi! > > On Fri, Feb 07, 2014 at 07:17:40PM +0100, Wolfgang Walter wrote: > > Am Freitag, 7. Februar 2014, 18:56:41 schrieb Hannes Frederic Sowa: > > > Hi! > > > > > > On Fri, Feb 07, 2014 at 06:47:07PM +0100, Wolfgang Walter wrote: > > > > with kernel 3.13 I have a problem with isatap tunnels receiving > > > > fragmented > > > > ipv6 udp packets. > > > > > > Which was the last known version that did work? > > > > I think 3.12 had no problems, but I'm not sure. I test this tonight. 3.12 is indeed fine. But this is probably because of: ethtool -k is0 .... udp-fragmentation-offload: off [fixed] .... > > Could you give me a bit more details on your setup, please? > > I just tested a setup with UFO packets in sit tunnels and it worked > properly for me (on net). > host A (which shows the problem with kernel 3.13): $ ip addr ls eth0 4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 11:22:33:44:55:66 brd ff:ff:ff:ff:ff:ff inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0 valid_lft forever preferred_lft forever inet6 2001:1111:2222:aaaa:0:5efe:c0a8:101/120 scope global valid_lft forever preferred_lft forever inet6 fe80::1322:33ff:fe44:5566/64 scope link valid_lft forever preferred_lft forever $ ip addr ls is0 14: is0: <NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN group default link/sit 192.168.1.1 brd 0.0.0.0 inet6 2001:1111:2222:aaaa:0:5efe:c0a8:101/64 scope global dynamic valid_lft 85977sec preferred_lft 13977sec inet6 fe80::5efe:c0a8:101/64 scope link valid_lft forever preferred_lft forever The other host B is in the same isatap-subnet (but a different ipv4-subnet): $ ip addr ls eth0 4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 11:22:33:44:55:ee brd ff:ff:ff:ff:ff:ff inet 192.168.10.1/24 brd 192.168.1.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::1322:33ff:fe44:55ee/64 scope link valid_lft forever preferred_lft forever $ ip addr ls is0 10: is0: <NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN group default link/sit 192.168.10.1 brd 0.0.0.0 inet6 2001:1111:2222:aaaa:0:5efe:c0a8:a01/64 scope global dynamic valid_lft 85977sec preferred_lft 13977sec inet6 fe80::5efe:c0a8:a01/64 scope link valid_lft forever preferred_lft forever The application I see this is strongswan (ikev2). When it establishes an connection it sends udp-packets to large for is0 (here 1316 data-bytes, strongswan says). For the tests I unloaded the netfilter modules so there should be no interference with the firewall or conntrack etc. Regards, -- Wolfgang Walter Studentenwerk München Anstalt des öffentlichen Rechts -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists