lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 18 Jan 2012 14:44:09 +0100
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Tore Anderson <tore@....no>
Cc:	netdev <netdev@...r.kernel.org>
Subject: Re: Bugzilla 42595

Le mercredi 18 janvier 2012 à 11:58 +0100, Eric Dumazet a écrit :
> Le mercredi 18 janvier 2012 à 00:43 +0100, Eric Dumazet a écrit :
> > Le mardi 17 janvier 2012 à 21:03 +0100, Tore Anderson a écrit :
> > 
> > > 
> > > 3) There seems to be a bug related to generating the TCP checksum of
> > > SYN/ACK packets to destinations with the allfrag features set. I just
> > > submitted a bug report about this:
> > > 
> > > https://bugzilla.kernel.org/show_bug.cgi?id=42595
> > > 
> > > This makes the allfrag feature pretty much useless for me, as I can only
> > > successfully establish a single TCP session from a client behind a <1280
> > > MTU link for the entire lifetime of the routing cache entry.
> > > 
> > 
> > It seems we dont handle skb ip_summed CHECKSUM_PARTIAL 
> > in ip6_fragment() slow_path
> 
> 
> and many drivers dont handle the presence of a frag header.
> 
> if (ipv6_hdr(skb)->nexthdr == IPPROTO_TCP)
> 
> I suspect we'll have to compute the checksum in software...
> 

Following patch seems to help for me, please test it ;)

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index d97e071..92ea301 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -791,6 +791,10 @@ slow_path_clean:
 	}
 
 slow_path:
+	if ((skb->ip_summed == CHECKSUM_PARTIAL) &&
+	    skb_checksum_help(skb))
+		goto fail;
+
 	left = skb->len - hlen;		/* Space per frame */
 	ptr = hlen;			/* Where to start from */
 


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists