Date:	Wed, 5 Nov 2014 09:09:30 +0100
From:	Steffen Klassert <steffen.klassert@...unet.com>
To:	<netdev@...r.kernel.org>
Subject: [PATCH RFC net] ip_tunnel: Respect the IP_DF bit of the inner packet.

The pmtu calculation depends on the IP_DF bit in tnl_update_pmtu().
If the IP_DF bit is set, the pmtu calculation is based on the outer
packet size. Otherwise it is based on the inner packet size.
If xfrm is used after tunneling through an ipip device, the mtu of
the outer device can be lower than the mtu of the ipip device.
Reporting the mtu of the ipip device is wrong in this case. So
respect the IP_DF bit of the inner packet on ipv4 to report the
calculated mtu of the outer device.

Fixes: fd58156e456d ("IPIP: Use ip-tunneling code.")
Signed-off-by: Steffen Klassert <steffen.klassert@...unet.com>
---

I marked this as RFC because it affects the mtu calculation of
gre tunnels too. I think it should be ok, but I have no testcase
to confirm the correctness for gre tunnels. So would be good if
someone with gre knowledge could look at this.

If it turns out that we can't do that for gre, we need to
split this code back into a gre and an ipip version.

 net/ipv4/ip_tunnel.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index 0bb8e14..f6f2d10 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -738,7 +738,11 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
 		goto tx_error;
 	}
 
-	if (tnl_update_pmtu(dev, skb, rt, tnl_params->frag_off)) {
+	df = tnl_params->frag_off;
+	if (skb->protocol == htons(ETH_P_IP))
+		df |= (inner_iph->frag_off&htons(IP_DF));
+
+	if (tnl_update_pmtu(dev, skb, rt, df)) {
 		ip_rt_put(rt);
 		goto tx_error;
 	}
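Review bot: The inner IP_DF bit is now ORed into the value passed to tnl_update_pmtu() for every ETH_P_IP skb, and the only condition in this hunk is `skb->protocol == htons(ETH_P_IP)`, so nothing limits the new behaviour to ipip; gre tunnels using ip_tunnel_xmit() get the same DF-based pmtu calculation. A short comment above `df = tnl_params->frag_off;` saying why the inner bit has to be known before the pmtu update would document the intent, and the gre case should be tested before the RFC tag is dropped. Since the line is being moved anyway, `inner_iph->frag_off&htons(IP_DF)` could also get spaces around `&` to match kernel coding style.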
@@ -767,10 +771,6 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
 			ttl = ip4_dst_hoplimit(&rt->dst);
 	}
 
-	df = tnl_params->frag_off;
-	if (skb->protocol == htons(ETH_P_IP))
-		df |= (inner_iph->frag_off&htons(IP_DF));
-
 	max_headroom = LL_RESERVED_SPACE(rt->dst.dev) + sizeof(struct iphdr)
 			+ rt->dst.header_len + ip_encap_hlen(&tunnel->encap);
 	if (max_headroom > dev->needed_headroom)
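Review bot: With the assignment removed here, the df computed ahead of tnl_update_pmtu() is the only value the rest of the function sees, and the commit message does not say that the computation itself is unchanged. Please state there that this is a pure move of the three df lines and that only the argument to tnl_update_pmtu() differs, so reviewers can confirm that later uses of df behave as before.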
-- 
1.9.1
