| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 01 May 2018 12:22:23 -0400 (EDT) From: David Miller <davem@...emloft.net> To: ashwanth@...eaurora.org Cc: netdev@...r.kernel.org, pabeni@...hat.com, dsahern@...il.com Subject: Re: [PATCH] ipv6: remove min MTU check for tunnel destinations From: Ashwanth Goli <ashwanth@...eaurora.org> Date: Mon, 30 Apr 2018 00:36:47 +0530 > With 749439bfac "fix udpv6 sendmsg crash caused by too small MTU" > tunnel dst's that report a MTU less than IPV6_MIN_MTU are broken > even for packets that are smaller than IPV6_MIN_MTU. > > According to rfc2473#section-7.1 > > if the original IPv6 packet is equal or smaller than the > IPv6 minimum link MTU, the tunnel entry-point node > encapsulates the original packet, and subsequently > fragments the resulting IPv6 tunnel packet into IPv6 > fragments that do not exceed the Path MTU to the tunnel > exit-point. > > This patch drops the MTU check for tunnel destinations. > > Signed-off-by: Ashwanth Goli <ashwanth@...eaurora.org> RFC 2473 is generally about ipv6 tunnels.... > - if (mtu < IPV6_MIN_MTU) > + if (!(rt->dst.flags & DST_XFRM_TUNNEL) && mtu < IPV6_MIN_MTU) > return -EINVAL; But the check you are adding is specifically checking only IPSEC tunnels. If what you say is true in your commit message, this test must more generally trigger for all ipv6 tunnel types, not just IPSEC ones. If IPSEC tunnels are being targetting in this patch intentionally, that needs to be explained in the commit message.
Powered by blists - more mailing lists