| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 02 Jun 2014 14:10:13 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: eric.dumazet@...il.com
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH net] net: fix inet_getid() and ipv6_select_ident() bugs
From: Eric Dumazet <eric.dumazet@...il.com>
Date: Thu, 29 May 2014 08:45:14 -0700
> From: Eric Dumazet <edumazet@...gle.com>
>
> I noticed we were sending wrong IPv4 ID in TCP flows when MTU discovery
> is disabled.
> Note how GSO/TSO packets do not have monotonically incrementing ID.
>
> 06:37:41.575531 IP (id 14227, proto: TCP (6), length: 4396)
> 06:37:41.575534 IP (id 14272, proto: TCP (6), length: 65212)
> 06:37:41.575544 IP (id 14312, proto: TCP (6), length: 57972)
> 06:37:41.575678 IP (id 14317, proto: TCP (6), length: 7292)
> 06:37:41.575683 IP (id 14361, proto: TCP (6), length: 63764)
>
> It appears I introduced this bug in linux-3.1.
>
> inet_getid() must return the old value of peer->ip_id_count,
> not the new one.
>
> Lets revert this part, and remove the prevention of
> a null identification field in IPv6 Fragment Extension Header,
> which is dubious and not even done properly.
>
> Fixes: 87c48fa3b463 ("ipv6: make fragment identifications less predictable")
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
Applied and queued up for -stable, thanks for the heads up about the
merge conflict with net-next.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists