lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 4 Nov 2016 09:48:02 -0400 (EDT)
From:   Lance Richardson <lrichard@...hat.com>
To:     Shmulik Ladkani <shmulik.ladkani@...il.com>
Cc:     netdev@...r.kernel.org, fw@...len.de, jtluka@...hat.com,
        hannes@...essinduktion.org
Subject: Re: [PATCH net v3] ipv4: allow local fragmentation in
 ip_finish_output_gso()

> From: "Shmulik Ladkani" <shmulik.ladkani@...il.com>
> To: "Lance Richardson" <lrichard@...hat.com>
> Cc: netdev@...r.kernel.org, fw@...len.de, jtluka@...hat.com, hannes@...essinduktion.org
> Sent: Friday, November 4, 2016 5:24:09 AM
> Subject: Re: [PATCH net v3] ipv4: allow local fragmentation in ip_finish_output_gso()
> 
> Hi,
> 
> On Thu, 3 Nov 2016 09:06:27 -0400 (EDT) Lance Richardson
> <lrichard@...hat.com> wrote:
> > I'm not sure what could be added that would help, was there something
> > specific you had in mind?
> 
> How about something like this (preliminary, feel free to massage):
> 
> @@ -248,10 +248,16 @@ static int ip_finish_output_gso(struct net *net, struct
> sock *sk,
>  
>  	/* Slowpath -  GSO segment length is exceeding the dst MTU.
>  	 *
> -	 * This can happen in two cases:
> -	 * 1) TCP GRO packet, DF bit not set
> -	 * 2) skb arrived via virtio-net, we thus get TSO/GSO skbs directly
> -	 * from host network stack.
> +	 * This can happen in several cases:
> +	 *  - Forwarding of TCP GRO packet, DF bit not set
> +	 *  - Forwarding of skb arrived in a virtualization environment (from
> +	 *    virtio-net/vhost/tap) with TSO/GSO size set by other's network
> +	 *    stack
> +	 *  - Local GSO skb xmitted on an NETIF_F_TSO tunnel stacked over an
> +	 *    interface with a smaller mtu
> +	 *  - Arriving GRO skb (or GSO skb in a virtualized env) that gets L2
> +	 *    bridged to a NETIF_F_TSO tunnel stacked over an interface with an
> +	 *    insufficent mtu
>  	 */
>  	features = netif_skb_features(skb);
>  	BUILD_BUG_ON(sizeof(*IPCB(skb)) > SKB_SGO_CB_OFFSET);
> 

Thanks, that looks good to me. I can send a follow-up patch with this change,
if you like (there seems to be agreement that the original patch is OK).

   Lance

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ