lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20100421.224846.78174700.davem@davemloft.net>
Date:	Wed, 21 Apr 2010 22:48:46 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	herbert@...dor.apana.org.au
Cc:	shanwei@...fujitsu.com, yoshfuji@...ux-ipv6.org,
	yjwei@...fujitsu.com, vladislav.yasevich@...com,
	kuznet@....inr.ac.ru, pekkas@...core.fi, jmorris@...ei.org,
	kaber@...sh.net, eric.dumazet@...il.com, sri@...ibm.com,
	netdev@...r.kernel.org, linux-sctp@...r.kernel.org
Subject: Re: [PATCH BUG-FIX] ipv6: allow to send packet after receiving
 ICMPv6 Too Big message with MTU field less than IPV6_MIN_MTU

From: Herbert Xu <herbert@...dor.apana.org.au>
Date: Mon, 19 Apr 2010 11:55:35 +0800

> On Mon, Apr 19, 2010 at 10:58:22AM +0800, Shan Wei wrote:
>> 
>> According to RFC2460, PMTU is set to the IPv6 Minimum Link
>> MTU (1280) and a fragment header should always be included
>> after a node receiving Too Big message reporting PMTU is
>> less than the IPv6 Minimum Link MTU.
>> 
>> After receiving a ICMPv6 Too Big message reporting PMTU is
>> less than the IPv6 Minimum Link MTU, sctp *can't* send any
>> data/control chunk that total length including IPv6 head 
>> and IPv6 extend head is less than IPV6_MIN_MTU(1280 bytes).
>> 
>> The failure occured in p6_fragment(), about reason 
>> see following(take SHUTDOWN chunk for example):
>> sctp_packet_transmit (SHUTDOWN chunk, len=16 byte)
>> |------sctp_v6_xmit (local_df=0)
>>    |------ip6_xmit
>>        |------ip6_output (dst_allfrag is ture)
>>            |------ip6_fragment
>> 
>> In ip6_fragment(), for local_df=0, drops the the packet
>> and returns EMSGSIZE.
>> 
>> The patch fixes it with adding check length of skb->len.
>> In this case, Ipv6 not to fragment upper protocol data,
>> just only add a fragment header before it. 
>> 
>> Signed-off-by: Shan Wei <shanwei@...fujitsu.com>
> 
> The patch looks good to me.
> 
> If we wanted to optimise the allfrags case it may be better
> to reserve the space beforehand and generate the fragment header
> at the same time as we're doing the IPv6 header.
> 
> But it can't be all that important as it's been broken for so
> many years.

Right, I've applied Shan's patch, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ