lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200909031925.54197.cratiu@ixiacom.com>
Date:	Thu, 3 Sep 2009 19:25:53 +0300
From:	Cosmin Ratiu <cratiu@...acom.com>
To:	netdev@...r.kernel.org
Subject: [PATCH] ipv6: Fix tcp_v6_send_response(): it didn't set skb transport header

Hello,

Here is a patch which fixes an issue observed when using TCP over IPv6 and AH 
from IPsec.

When a connection gets closed the 4-way method and the last ACK from the 
server gets dropped, the subsequent FINs from the client do not get ACKed 
because tcp_v6_send_response does not set the transport header pointer. This 
causes ah6_output to try to allocate a lot of memory, which typically fails, 
so the ACKs never make it out of the stack.

I have reproduced the problem on kernel 2.6.7, but after looking at the latest 
kernel it seems the problem is still there.

Cosmin.

Signed-off-by: Cosmin Ratiu <cratiu@...acom.com>
---
 net/ipv6/tcp_ipv6.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)



View attachment "0001-ipv6-Fix-tcp_v6_send_response-it-didn-t-set-skb-trans.mbox" of type "text/x-patch" (467 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ