| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Nov 2020 04:31:18 +0000 From: "Bhat, Jayalakshmi Manjunath" <jayalakshmi.bhat@...com> To: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Question of ESP failure when device receives Packet Too Big ICMPv6 message Hi All, We have the below scenario. Devices are IPsec tunnel mode configured. Ref device sends fragmented ping requests. Our device responds with unfragmented ping response. Router send packet too big with proposed MTU as 1280 and payload as ESP packet number 3. As soon as our device receives the Packet Too Big ICMPv6 packet, device becomes unresponsive for the next ping request from ref device. However our device is responding for ISAKMP informational messages from the ref device. Has anyone experience such issues. Our device configuration are Linux 4.9.180 #1 SMP PREEMPT Fri Oct 23 23:29:20 America 2020 aarch64 GNU/Linux. Any inputs are welcomed. Our device Router Ref device PKt Num <------------------------------ |---------------- Fragmented Ping Request 1 (ESP) <------------------------------ |---------------- Fragmented Ping Request 2 (ESP) -------------------------------- |---------------> Unfragmented ping response 3 (ESP <------------------------------ | 4 (non ESP) (Packet too big) <------------------------------ |---------------- Fragmented Ping Request 5 (ESP) <------------------------------ |---------------- Fragmented Ping Request 6 (ESP) Regards, Jayalakshmi
Powered by blists - more mailing lists