lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e73981c3-608f-4ea0-9812-f840a9d0e100@redhat.com>
Date: Tue, 1 Oct 2024 13:03:37 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: Anton Danilov <littlesmilingcloud@...il.com>, netdev@...r.kernel.org
Cc: "David S. Miller" <davem@...emloft.net>, David Ahern
 <dsahern@...nel.org>, Eric Dumazet <edumazet@...gle.com>,
 Jakub Kicinski <kuba@...nel.org>, Shigeru Yoshida <syoshida@...hat.com>,
 Suman Ghosh <sumang@...vell.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net v3] ipv4: ip_gre: Fix drops of small packets in
 ipgre_xmit

On 9/25/24 01:51, Anton Danilov wrote:
> Regression Description:
> 
> Depending on the options specified for the GRE tunnel device, small
> packets may be dropped. This occurs because the pskb_network_may_pull
> function fails due to the packet's insufficient length.
> 
> For example, if only the okey option is specified for the tunnel device,
> original (before encapsulation) packets smaller than 28 bytes (including
> the IPv4 header) will be dropped. This happens because the required
> length is calculated relative to the network header, not the skb->head.
> 
> Here is how the required length is computed and checked:
> 
> * The pull_len variable is set to 28 bytes, consisting of:
>    * IPv4 header: 20 bytes
>    * GRE header with Key field: 8 bytes
> 
> * The pskb_network_may_pull function adds the network offset, shifting
> the checkable space further to the beginning of the network header and
> extending it to the beginning of the packet. As a result, the end of
> the checkable space occurs beyond the actual end of the packet.
> 
> Instead of ensuring that 28 bytes are present in skb->head, the function
> is requesting these 28 bytes starting from the network header. For small
> packets, this requested length exceeds the actual packet size, causing
> the check to fail and the packets to be dropped.
> 
> This issue affects both locally originated and forwarded packets in
> DMVPN-like setups.
> 
> How to reproduce (for local originated packets):
> 
>    ip link add dev gre1 type gre ikey 1.9.8.4 okey 1.9.8.4 \
>            local <your-ip> remote 0.0.0.0
> 
>    ip link set mtu 1400 dev gre1
>    ip link set up dev gre1
>    ip address add 192.168.13.1/24 dev gre1
>    ip neighbor add 192.168.13.2 lladdr <remote-ip> dev gre1
>    ping -s 1374 -c 10 192.168.13.2
>    tcpdump -vni gre1
>    tcpdump -vni <your-ext-iface> 'ip proto 47'
>    ip -s -s -d link show dev gre1
> 
> Solution:
> 
> Use the pskb_may_pull function instead the pskb_network_may_pull.
> 
> Fixes: 80d875cfc9d3 ("ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit()")
> 
> Signed-off-by: Anton Danilov <littlesmilingcloud@...il.com>

For future submissions, please note that there should be no empty line 
in the tag area - i.e. no empty line between 'Fixes' and SoB.

Thanks,

Paolo


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ