lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20100421.224846.78174700.davem@davemloft.net> Date: Wed, 21 Apr 2010 22:48:46 -0700 (PDT) From: David Miller <davem@...emloft.net> To: herbert@...dor.apana.org.au Cc: shanwei@...fujitsu.com, yoshfuji@...ux-ipv6.org, yjwei@...fujitsu.com, vladislav.yasevich@...com, kuznet@....inr.ac.ru, pekkas@...core.fi, jmorris@...ei.org, kaber@...sh.net, eric.dumazet@...il.com, sri@...ibm.com, netdev@...r.kernel.org, linux-sctp@...r.kernel.org Subject: Re: [PATCH BUG-FIX] ipv6: allow to send packet after receiving ICMPv6 Too Big message with MTU field less than IPV6_MIN_MTU From: Herbert Xu <herbert@...dor.apana.org.au> Date: Mon, 19 Apr 2010 11:55:35 +0800 > On Mon, Apr 19, 2010 at 10:58:22AM +0800, Shan Wei wrote: >> >> According to RFC2460, PMTU is set to the IPv6 Minimum Link >> MTU (1280) and a fragment header should always be included >> after a node receiving Too Big message reporting PMTU is >> less than the IPv6 Minimum Link MTU. >> >> After receiving a ICMPv6 Too Big message reporting PMTU is >> less than the IPv6 Minimum Link MTU, sctp *can't* send any >> data/control chunk that total length including IPv6 head >> and IPv6 extend head is less than IPV6_MIN_MTU(1280 bytes). >> >> The failure occured in p6_fragment(), about reason >> see following(take SHUTDOWN chunk for example): >> sctp_packet_transmit (SHUTDOWN chunk, len=16 byte) >> |------sctp_v6_xmit (local_df=0) >> |------ip6_xmit >> |------ip6_output (dst_allfrag is ture) >> |------ip6_fragment >> >> In ip6_fragment(), for local_df=0, drops the the packet >> and returns EMSGSIZE. >> >> The patch fixes it with adding check length of skb->len. >> In this case, Ipv6 not to fragment upper protocol data, >> just only add a fragment header before it. >> >> Signed-off-by: Shan Wei <shanwei@...fujitsu.com> > > The patch looks good to me. > > If we wanted to optimise the allfrags case it may be better > to reserve the space beforehand and generate the fragment header > at the same time as we're doing the IPv6 header. > > But it can't be all that important as it's been broken for so > many years. Right, I've applied Shan's patch, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists