| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Aug 2012 10:16:59 +0300 (EEST)
From: Julian Anastasov <ja@....bg>
To: Hans Schillstrom <hans@...illstrom.com>
cc: Jesper Dangaard Brouer <brouer@...hat.com>,
Patrick McHardy <kaber@...sh.net>,
netfilter-devel@...r.kernel.org, netdev@...r.kernel.org,
Hans Schillstrom <hans.schillstrom@...csson.com>
Subject: Re[2]: [PATCH 05/19] netfilter: nf_conntrack_ipv6: improve
fragmentation handling
Hello,
On Wed, 22 Aug 2012, Julian Anastasov wrote:
> On Wed, 22 Aug 2012, Hans Schillstrom wrote:
>
> > >Perhaps we could change/fix the MTU check in IPVS?
> > >(This would also solve issues I've seen with TSO/GSO frames, hitting
> > >this code path).
> > >
> > I ran into this as well,
> > try this for the mtu check.
> >
> > if ((!skb->local_df && skb->len > mtu && !skb_is_gso(skb)) ||
> > (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)) {
>
> Better without local_df check, it is our job to
> set it.
Ops, sorry. It seems now nf_ct_frag6_reasm (Patch 02/18)
will set head->local_df = 1, so we should check local_df
as Hans said.
Regards
--
Julian Anastasov <ja@....bg>
Powered by blists - more mailing lists