Date:	Tue, 1 Jul 2008 14:39:43 -0700
From:	Stephen Hemminger <shemminger@...tta.com>
To:	"Adam Langley" <agl@...erialviolet.org>
Cc:	netdev@...r.kernel.org
Subject: Re: MD5 SG fix

On Tue, 1 Jul 2008 14:16:34 -0700
"Adam Langley" <agl@...erialviolet.org> wrote:

> I believe this patch fixes MD5 in the face of SG interfaces for IPv4. Stephen,
> could you test this because I don't get non-linear packets in my test network?
> The patch includes a debugging function which can be uncommented if you have
> issues.
> 
> If this works for you, I'll clean it up and perform the same fix for IPv6
> before submitting.
> 
> Sadly, I couldn't just pass in the SKB to the md5_hash function because there
> are several places where we don't have an SKB to hand (generating ACKs and
> RSTs, for example).
> 
> This patch is, obviously, semantically incongruent with [1] and [1] should be
> backed out before applying.
> 
> Cheers,
> 
> 
> AGL
> 
> 
> [1] http://marc.info/?l=linux-netdev&m=121459157816964&w=2
> 
> ---
> 
>  include/net/tcp.h     |   11 +++--
>  net/ipv4/tcp_ipv4.c   |  113 +++++++++++++++++++++++++++++++++++++------------
>  net/ipv4/tcp_output.c |   14 ++++--
>  3 files changed, 101 insertions(+), 37 deletions(-)
> 
> diff --git a/include/net/tcp.h b/include/net/tcp.h
> index 633147c..4213379 100644
> --- a/include/net/tcp.h
> +++ b/include/net/tcp.h
> @@ -1110,6 +1110,7 @@ union tcp_md5sum_block {
>  struct tcp_md5sig_pool {
>  	struct hash_desc	md5_desc;
>  	union tcp_md5sum_block	md5_blk;
> +	struct scatterlist sg[MAX_SKB_FRAGS + 3];
>  };
>  
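
Review bot: The `+ 3` in `sg[MAX_SKB_FRAGS + 3]` is a bare magic number: nothing in this hunk says which three scatterlist entries are needed beyond the skb fragments. Please add a comment or a named constant spelling out what each extra slot holds, so the code that fills the array (not visible in this hunk) can be checked against the bound. The array also sits inside `struct tcp_md5sig_pool`, so every pool entry grows by that many `struct scatterlist` elements.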

I would rather see the pool used less and the stack used more.
Global context is more like FORTRAN common blocks.

My suggestion would be to have two hash functions, one that takes a block
for the cases of TCP SYN, etc. and another that takes an skb for data packets.

You still need to have some of the places that reset sk_route_caps, otherwise
you will get TSO/GSO packets because of the resetting of route_caps after the SYN/ACK.

