lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 26 Feb 2014 14:47:35 +0100
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	David Miller <davem@...emloft.net>
Cc:	xiyou.wangcong@...il.com, linux@...m.de, netdev@...r.kernel.org,
	eric.dumazet@...il.com, therbert@...gle.com
Subject: Re: [PATCH net v3] ipv4: ipv6: better estimate tunnel header cut for correct ufo handling

On Tue, Feb 25, 2014 at 06:27:46PM -0500, David Miller wrote:
> From: Hannes Frederic Sowa <hannes@...essinduktion.org>
> Date: Mon, 24 Feb 2014 00:48:05 +0100
> 
> > Currently the UFO fragmentation process does not correctly handle inner
> > UDP frames.
>  ...
> > In this case fragmentation id is incremented and offset is not updated.
> > 
> > First, I aligned inet_gso_segment and ipv6_gso_segment:
> > * align naming of flags
> > * ipv6_gso_segment: setting skb->encapsulation is unnecessary, as we
> >   always ensure that the state of this flag is left untouched when
> >   returning from upper gso segmenation function
> > * ipv6_gso_segment: move skb_reset_inner_headers below updating the
> >   fragmentation header data, we don't care for updating fragmentation
> >   header data
> > * remove currently unneeded comment indicating skb->encapsulation might
> >   get changed by upper gso_segment callback (gre and udp-tunnel reset
> >   encapsulation after segmentation on each fragment)
> > 
> > If we encounter an IPIP or SIT gso skb we now check for the protocol ==
> > IPPROTO_UDP and that we at least have already traversed another ip(6)
> > protocol header.
> > 
> > The reason why we have to special case GSO_IPIP and GSO_SIT is that
> > we reset skb->encapsulation to 0 while skb_mac_gso_segment the inner
> > protocol of GSO_UDP_TUNNEL or GSO_GRE packets.
> > 
> > Reported-by: Wolfgang Walter <linux@...m.de>
> > Cc: Cong Wang <xiyou.wangcong@...il.com>
> > Cc: Tom Herbert <therbert@...gle.com>
> > Cc: Eric Dumazet <eric.dumazet@...il.com>
> > Signed-off-by: Hannes Frederic Sowa <hannes@...essinduktion.org>
> 
> Applied, thanks Hannes.

This bug is present and was reported on v3.13 kernels, so I also would propose
this for v3.13. I hoped it would be clear from the thread, but should have
stated this more clearly.

It really is only appropriate there as this problem was introduced with
61c1db7fae21ed ("ipv6: sit: add GSO/TSO support") and cb32f511a70be8
("ipip: add GSO/TSO support"), both introduced in v3.13.

Thanks,

  Hannes

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ