| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070525081750.5ba4a411@zonk.pl>
Date: Fri, 25 May 2007 10:17:50 +0200
From: Adam Osuchowski <adwol@...k.pl>
To: bridge@...ts.linux-foundation.org
Cc: linux-kernel@...r.kernel.org
Subject: [BUG] Dropping fragmented IP packets within VLAN frames on bridge
There is a problem with fragmented IP packet sent within 802.1Q tagged
ethernet frame through bridge. Problem exists when conntrack is enabled
(i.e. nf_conntrack_ipv4 module is loaded). Then, such packets are not
fragmented again (after prior reassembling on bridge device) during
passing it to bridge enslaved NIC. It cause MTU exceeding and as a result
dropping packet.
Problem exists from kernel version 2.6.17 to 2.6.21.3 inclusive.
Below, there is a patch to fix it.
Regards.
--- linux-2.6.21.3.orig/net/bridge/br_netfilter.c 2007-05-25 09:56:15.000000000 +0200
+++ linux-2.6.21.3/net/bridge/br_netfilter.c 2007-05-25 10:11:42.000000000 +0200
@@ -731,7 +731,7 @@
static int br_nf_dev_queue_xmit(struct sk_buff *skb)
{
- if (skb->protocol == htons(ETH_P_IP) &&
+ if ((skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb)) &&
skb->len > skb->dev->mtu &&
!skb_is_gso(skb))
return ip_fragment(skb, br_dev_queue_push_xmit);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists