Date:	Wed, 26 Feb 2014 01:20:40 +0100
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	netdev@...r.kernel.org
Subject: [PATCH net 0/3] yet another new mtu discovery mode

Hi!

After my proposal for weakening the IP_PMTUDISC_INTERFACE mode to
produce fragments if the packet size exceeds the outgoing interface mtu
was rightfully rejected, I am now in the really bad position to have to
propose yet another IP_MTU_DISCOVER mode (I don't like to do that at all,
especially because I argued so favorably for the IP_PMTUDISC_INTERFACE
mode :( ).

Currently unbound and bind kind of use a fire-and-forget logic in
the UDP output path and are not propagating errors back. To use
IP_PMTUDISC_INTERFACE correctly, I would need to have access to the
unserialized dns data while trying the first send, checking for EMSGSIZE
and in case the syscall failed with EMSGSIZE, altering the dns data by
removing everything but question section and setting TC=1 and remembering
the new minimal outgoing udp packet size globally. The unserialized dns
data is mostly not available at the point the sending takes place.

That said, I propose this slightly weaker version of
IP_PMTUDISC_INTERFACE, which allows sending fragments if the packet
size exceeds the outgoing interface mtu. As such, I can now just change
IP_PMTUDISC_DONT, which is currently in use by dns software, to this new
option and we finally have fragmentation avoidance in dns. This option
seems much easier to support and will find users fast.

I propose this for the net branch, because I currently classify the logic
of IP_PMTUDISC_INTERFACE as flawed and want to fix this with this new
option. Hopefully IP_PMTUDISC_INTERFACE does still serve a purpose for
someone out there. Because of the preparations for IP_PMTUDISC_INTERFACE
the changes are not too big and it luckily doesn't need additional space
in the sock structs.

The first patch ensures we cut the packet into pieces of the size of
the interface mtu and not of the pmtu in case of IP_PMTUDISC_INTERFACE.

Thanks and very sorry for bloating kernel api,

  Hannes

Included patches:
 ipv4: use ip_skb_dst_mtu instead of
 ipv4: yet another new IP_MTU_DISCOVER option
 ipv6: yet another new IPV6_MTU_DISCOVER option

Diffstat:
 include/net/ip.h         |  9 ++++++++-
 include/net/ip6_route.h  |  9 ++++++++-
 include/uapi/linux/in.h  |  4 ++++
 include/uapi/linux/in6.h |  4 ++++
 net/ipv4/ip_output.c     | 12 ++++--------
 net/ipv4/ip_sockglue.c   |  2 +-
 net/ipv6/ip6_output.c    |  9 +++++----
 net/ipv6/ipv6_sockglue.c |  2 +-
 8 files changed, 35 insertions(+), 16 deletions(-)
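
The send path the message describes for IP_PMTUDISC_INTERFACE (try the send, catch EMSGSIZE, cut the DNS message down to its question section with TC=1, resend), as an added example in C that is not part of the original message or patch series. The function names are hypothetical, and the fallback `#define` assumes the value from `include/uapi/linux/in.h` for libc headers that predate the option.

```c
#include <errno.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#ifndef IP_PMTUDISC_INTERFACE
#define IP_PMTUDISC_INTERFACE 4 /* value in include/uapi/linux/in.h */
#endif

/* Hypothetical helper: UDP socket that refuses to send above the interface MTU. */
int dns_udp_socket(void) {
    int fd = socket(AF_INET, SOCK_DGRAM, 0), mode = IP_PMTUDISC_INTERFACE;
    if (fd >= 0 && setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &mode, sizeof mode) < 0) {
        close(fd); fd = -1;
    }
    return fd;
}

/* Cut a serialized DNS message to header + question section and set TC=1.
 * Returns the new length, or 0 if the message cannot be parsed. */
size_t dns_truncate_to_question(uint8_t *msg, size_t len) {
    if (len < 12) return 0;                          /* fixed DNS header is 12 bytes */
    unsigned qdcount = ((unsigned)msg[4] << 8) | msg[5];
    size_t off = 12;
    for (unsigned q = 0; q < qdcount; q++) {
        for (;;) {                                   /* walk the QNAME labels */
            if (off >= len) return 0;
            uint8_t l = msg[off];
            if ((l & 0xC0) == 0xC0) { off += 2; break; } /* compression pointer ends the name */
            if (l & 0xC0) return 0;                  /* reserved label type */
            off += 1 + (size_t)l;
            if (l == 0) break;                       /* root label ends the name */
        }
        off += 4;                                    /* QTYPE + QCLASS */
        if (off > len) return 0;
    }
    msg[2] |= 0x02;                                  /* TC bit in the flags field */
    for (int i = 6; i < 12; i++) msg[i] = 0;         /* ANCOUNT, NSCOUNT, ARCOUNT = 0 */
    return off;
}

/* Send; on EMSGSIZE retry once with the truncated message instead of dropping the error. */
ssize_t dns_send(int fd, uint8_t *msg, size_t len, const struct sockaddr *to, socklen_t tolen) {
    ssize_t n = sendto(fd, msg, len, 0, to, tolen);
    if (n < 0 && errno == EMSGSIZE) {
        size_t cut = dns_truncate_to_question(msg, len);
        if (cut > 0) n = sendto(fd, msg, cut, 0, to, tolen);
    }
    return n;
}
```

The truncation works on the already serialized packet, so it needs no access to the unserialized DNS data at send time.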
