lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 6 Jul 2018 14:59:56 +0200
From:   Georg Kohmann <geokohma@...co.com>
To:     netdev@...r.kernel.org
Subject: [PATCH] ipv6: icmp: Updating pmtu for link local route

When a ICMPV6_PKT_TOOBIG is received from a link local address the pmtu 
will be updated on a route with an arbitrary interface index. Subsequent 
packets sent back to the same link local address may therefore end up 
not considering the updated pmtu.

Current behavior breaks TAHI v6LC4.1.4 Reduce PMTU On-link.
Referring to RFC 1981: Section 3:
"Note that Path MTU Discovery must be performed even in cases where a 
node "thinks" a destination is attached to the same link as itself. In a 
situation such as when a neighboring router acts as proxy [ND] for some 
destination, the destination can to appear to be directly connected but 
is in fact more than one hop away."

Using the interface index from the incoming ICMPV6_PKT_TOOBIG when 
updating the pmtu.

Signed-off-by: Georg Kohmann <geokohma@...co.com>
---
  net/ipv6/icmp.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index be491bf..7d0e9c7 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -92,7 +92,7 @@ static void icmpv6_err(struct sk_buff *skb, struct 
inet6_skb_parm *opt,
         struct net *net = dev_net(skb->dev);

         if (type == ICMPV6_PKT_TOOBIG)
-               ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, 
NULL));
+               ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, 
sock_net_uid(net, NULL));
         else if (type == NDISC_REDIRECT)
                 ip6_redirect(skb, net, skb->dev->ifindex, 0,
                              sock_net_uid(net, NULL));
---

Tested on kernel 4.4.38.
I am however worried that this patch may have consequences for other 
traffic on the same interface. Please advice or suggest at better approach.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ