lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 8 Jun 2016 08:41:31 +0000
From:	Alan Davey <Alan.Davey@...aswitch.com>
To:	David Miller <davem@...emloft.net>
CC:	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"kuznet@....inr.ac.ru" <kuznet@....inr.ac.ru>,
	"jmorris@...ei.org" <jmorris@...ei.org>,
	"yoshfuji@...ux-ipv6.org" <yoshfuji@...ux-ipv6.org>,
	"kaber@...sh.net" <kaber@...sh.net>
Subject: RE: [PATCH] net: Fragment large datagrams even when IP_HDRINCL is
 set.

Hi David

Thank you for your email.  I understand raw IP sockets have worked this way for a long time, but I think that there is real benefit in this patch for little risk.  Please take a look at the following and let me know what you think.

-  The current behaviour is counter-intuitive (fragmentation takes place in all other cases) and therefore different to what everyone expects.

-  Consequently, everyone has to fix the same bug and work around it by fragmenting in their application (we have seen this happen several dozen times just in our experience).

-  The end result is that the fragmentation code ends up being implemented in many places, instead of just once, using the existing kernel code.

-  The patch is a low risk fix; removing 5 lines of code and using existing code to perform the fragmentation.  It should be back-compatible because
    o  existing code written to work round the feature will continue to work
    o  it seems very unlikely that anyone relies on the current behaviour of oversized packets being rejected, and would not prefer the new behavior.  

Therefore, whether it is a bug or a feature, I think there is value in fixing the behaviour.

Regards
Alan

-----Original Message-----
From: David Miller [mailto:davem@...emloft.net] 
Sent: 31 May 2016 19:39
To: Alan Davey <Alan.Davey@...aswitch.com>
Cc: netdev@...r.kernel.org; kuznet@....inr.ac.ru; jmorris@...ei.org; yoshfuji@...ux-ipv6.org; kaber@...sh.net
Subject: Re: [PATCH] net: Fragment large datagrams even when IP_HDRINCL is set.

From: Alan Davey <alan.davey@...aswitch.com>
Date: Mon, 23 May 2016 15:23:45 +0100

> One of the bugs documented in the raw(7) man page is as follows: When 
> the IP_HDRINCL option is set, datagrams will not be fragmented and are 
> limited to the interface MTU.
> 
> This patch fixes the bug by removing the check for "length > rt->dst.dev->mtu"
> in raw_send_hdrinc() (net/ipv4/raw.c).  Datagrams are no longer 
> limited to the interface MTU size if the IP_HDRINCL option is set, but 
> are fragmented, if necessary, in the same way as all other datagrams.
> 
> Signed-off-by: Alan Davey <alan.davey@...aswitch.com>

This is not a bug, it's a feature and it's how RAW ipv4 sockets have behaved for two decades.

If the user wants to use hdr inclusion, he can send multiple frames and set the fragmentation bits appropriately.

I'm not applying this patch.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ