Date:	Tue, 16 Feb 2016 12:33:19 +0000
From:	David Wragg <david@...ve.works>
To:	netdev@...r.kernel.org, dev@...nvswitch.org
Cc:	Jesse Gross <jesse@...nel.org>, Tom Herbert <tom@...bertland.com>,
	David Wragg <david@...ve.works>
Subject: [PATCH net] geneve: Refine MTU limit

While GENEVE allows variable length options, the maximum length of the
options is 63 * 4 bytes.  So we can reasonably set an MTU limit other
than IP_MAX_MTU, as the other tunnel devices do.

Signed-off-by: David Wragg <david@...ve.works>
---
 drivers/net/geneve.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
index 028e387..f57f9bc 100644
--- a/drivers/net/geneve.c
+++ b/drivers/net/geneve.c
@@ -37,6 +37,9 @@ MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
 
 #define GENEVE_VER 0
 #define GENEVE_BASE_HLEN (sizeof(struct udphdr) + sizeof(struct genevehdr))
+#define GENEVE_MAX_OPTIONS_LEN (63 * 4)
+#define GENEVE_MAX_MTU (IP_MAX_MTU - sizeof(struct iphdr) - GENEVE_BASE_HLEN \
+						- GENEVE_MAX_OPTIONS_LEN)
 
 /* per-network namespace private data for this module */
 struct geneve_net {
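Review bot: GENEVE_MAX_MTU subtracts only sizeof(struct iphdr) for the outer header, so the bound is exact only when the underlay is IPv4. If the device can also transmit over IPv6, the larger outer header is not accounted for and the limit is too generous on that path; either compute the limit per address family or state in a comment that IPv4 is assumed. Separately, GENEVE_MAX_OPTIONS_LEN (63 * 4) would benefit from a one-line comment saying where 63 and 4 come from, since that explanation currently lives only in the commit message.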
@@ -1041,11 +1044,9 @@ static netdev_tx_t geneve_xmit(struct sk_buff *skb, struct net_device *dev)
 
 static int geneve_change_mtu(struct net_device *dev, int new_mtu)
 {
-	/* GENEVE overhead is not fixed, so we can't enforce a more
-	 * precise max MTU.
-	 */
-	if (new_mtu < 68 || new_mtu > IP_MAX_MTU)
+	if (new_mtu < 68 || new_mtu > GENEVE_MAX_MTU)
 		return -EINVAL;
+
 	dev->mtu = new_mtu;
 	return 0;
 }
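Review bot: in geneve_change_mtu(), "new_mtu > GENEVE_MAX_MTU" now compares the signed int new_mtu against an expression built from sizeof, which is unsigned. A negative new_mtu is rejected only because "new_mtu < 68" is evaluated first and short-circuits; if the checks are ever reordered or split, a negative value would be converted to a large unsigned number. Casting the macro to int at its definition would remove the dependency on evaluation order. The deleted comment could also be replaced by one line saying the upper bound assumes the maximum options length, and the blank line added after the return is unrelated whitespace.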
@@ -1459,7 +1460,7 @@ struct net_device *geneve_dev_create_fb(struct net *net, const char *name,
 	/* openvswitch users expect packet sizes to be unrestricted,
 	 * so set the largest MTU we can.
 	 */
-	err = geneve_change_mtu(dev, IP_MAX_MTU);
+	err = geneve_change_mtu(dev, GENEVE_MAX_MTU);
 	if (err)
 		goto err;
 
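Review bot: the comment above this call in geneve_dev_create_fb() still says packet sizes are expected to be "unrestricted" and that this is "the largest MTU we can" set, but the default now reserves GENEVE_MAX_OPTIONS_LEN (252 bytes) even when no options are in use. Please update the comment to say the default assumes maximum-length options, and mention in the commit message that the default MTU seen by openvswitch users becomes smaller than before.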
-- 
2.5.0
