lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 7 Nov 2013 09:54:50 -0500 (EST)
From:	Pietro Paolini <pulsarpietro@....com>
To:	linux-kernel@...r.kernel.org
Subject: IPIP6 Linux Kernel Implementation

Hello everyone,

I am writing you regarding the implementation of the IPIP6 tunnel
contained in the Linux Kernel which I am trying to configure in order
to obtain a DS-Lite (IPIP6) compliant tunnel on a router running a
linux OS kernel version 2.6.33.

This my network topology :

lan --> tun1 --> eth0

where the MTU of all links is 1500.

My problem comes up when the packet size of the incoming IPv4 datagram
on my LAN interface is close to the MTU (1496 byte) : then the packet
is "lost" in the file ip6_tunnel.c module at this point :

linux-2.6.33.5/net/ipv6/ip6_tunnel.c
function ip6_tnl_xmit2()
{
....
        mtu = dst_mtu(dst) - sizeof (*ipv6h);
        if (skb->len > mtu) {              --> 1496 > 1460 <--
                *pmtu = mtu;
                err = -EMSGSIZE;
                goto tx_err_dst_release;
        }
....
}

As I understand, I could be wrong of course,  IPv6 fragmentation is not
handled in that module and packets bigger then the mtu - sizeof(IPv6)
are discarded; I am wondering if I can find a workaround in order to
solve this problem as in some way use the IPv6 stack which I assume
handles fragmentation - I could be again wrong - or implement it in the
ip6_tunnel.c module.

I am not an experienced kernel developer then is important for me
understand if I am in the right direction and Linux kernel really does
not provide this feature in a IPIP6 tunnel or if I am wrong; I need to
have that for the implementation of a DS-Lite tunnel which as defined
in the RFC6333 Section 5.3 requires IPv6 packet fragmentation.

Thanks a lot,
Pietro.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ