Date:	Wed, 19 Aug 2015 07:31:13 -0700
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Prashant Upadhyaya <praupadhyaya@...il.com>
Cc:	netdev <netdev@...r.kernel.org>
Subject: Re: Problem with fragmented packets on tun/tap interface

On Wed, 2015-08-19 at 15:44 +0530, Prashant Upadhyaya wrote:


> Hi Eric,
> 
> For some reason, the dropping in the raw table does not work for me
> for the use case, though I recognize that the raw table operations
> theory, when matched with my use case theory, is the apparent solution.
> 
> I think the reason is that I use packet sockets with defrag option on
> so that it can select the right queue for load balancing purposes.
> 
> Anyway, not disappointed with the above, I stuck to my theory and
> tried a simple approach. To tie-break the reassembly/defrag done by
> the kernel from the packets from the eth0 and the packets submitted
> from tap (via application), I made a small change in the application.
> I detected that the packets are fragmented in the app, and bumped up
> the 'Identification' field in the IP header and re-checksummed the IP
> header and then submitted it to tap. Since reassembly/defrag is done
> on the basis of srcip, destip, protocol and Identification field
> tuple from IP header, I expected it to work and it does!
> 
> So there we are, I have a nice little solution in place which suits me.

Another idea would have been to put your tap device and ethernet device in
different namespaces, as the defrag unit is namespace aware.

Looks like eth0 could be put in a completely new namespace as it holds
no IP address?

ip netns add eth0ns
ip link set eth0 netns eth0ns
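
The Identification rewrite described in the quoted message, as an added example that is not code from either poster: it shifts the IPv4 Identification field of fragments only and recomputes the header checksum. The function names, the `delta` parameter and the sample packets are assumptions constructed for illustration.

```python
import struct

def ip_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def is_fragment(pkt: bytes) -> bool:
    """True if More Fragments is set or the fragment offset is non-zero."""
    return bool(struct.unpack_from("!H", pkt, 6)[0] & 0x3FFF)

def bump_ip_id(pkt: bytes, delta: int = 1) -> bytes:
    """Shift the Identification of an IPv4 fragment and fix the checksum.

    Use the same delta for every fragment of a datagram, otherwise the
    copies sent to the tap no longer reassemble with each other.
    """
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return pkt                      # not IPv4, pass through
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl or not is_fragment(pkt):
        return pkt                      # malformed or unfragmented
    out = bytearray(pkt)
    new_id = (struct.unpack_from("!H", out, 4)[0] + delta) & 0xFFFF
    struct.pack_into("!H", out, 4, new_id)
    struct.pack_into("!H", out, 10, 0)  # checksum field is zero while summing
    struct.pack_into("!H", out, 10, ip_checksum(bytes(out[:ihl])))
    return bytes(out)

def make_packet(ident: int, flags_off: int, payload: bytes) -> bytes:
    """Constructed sample: protocol-17 IPv4 packet between TEST-NET hosts."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                                ident, flags_off, 64, 17, 0,
                                bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])))
    struct.pack_into("!H", hdr, 10, ip_checksum(bytes(hdr)))
    return bytes(hdr) + payload

if __name__ == "__main__":
    first = make_packet(0x1234, 0x2000, b"A" * 8)   # MF set, offset 0
    last = make_packet(0x1234, 0x0001, b"B" * 4)    # offset 8 bytes, MF clear
    for p in (first, last):
        q = bump_ip_id(p)
        print(hex(struct.unpack_from("!H", q, 4)[0]), ip_checksum(q[:20]) == 0)
```

A constant offset keeps distinct datagrams distinct among the tap copies, but a shifted value can still equal the Identification of a different datagram arriving on eth0 with the same source, destination and protocol.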

