lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20141106.143351.1534959887749218818.davem@davemloft.net>
Date:	Thu, 06 Nov 2014 14:33:51 -0500 (EST)
From:	David Miller <davem@...emloft.net>
To:	steffen.klassert@...unet.com
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCH RFC net] ip_tunnel: Respect the IP_DF bit of the inner
 packet.

From: Steffen Klassert <steffen.klassert@...unet.com>
Date: Wed, 5 Nov 2014 09:09:30 +0100

> The pmtu calculation depends on the IP_DF bit in tnl_update_pmtu().
> If the IP_DF bit is set, the pmtu calculation is based on the outer
> packet size. Otherwise it is based on the inner packet size.
> If xfrm is used after tunneling through an ipip device, the mtu of
> the outer device can be lower than the mtu of the ipip device.
> Reporting the mtu of the ipip device is wrong in this case. So
> respect the IP_DF bit of the inner packet on ipv4 to report the
> calculated mtu of the outer device.
> 
> Fixes: fd58156e456d ("IPIP: Use ip-tunneling code.")
> Signed-off-by: Steffen Klassert <steffen.klassert@...unet.com>
> ---
> 
> I marked this as RFC because it affects the mtu calculation of
> gre tunnels too. I think it should be ok, but I have no testcase
> to confirm the correctness for gre tunnels. So would be good if
> someone with gre knowlegde could look at this.
> 
> If it turns out that we can't do that for gre, we need to
> split this code back into a gre and an ipip version.

Looking quickly at this, the don't-frag handling in the
pre-ip-tunneling GRE code conversion used different conditions
wrt. calculating 'df'.

It takes the frag off from skb->data's IPH when skb->protocol
is GRE, for example.

So we may have to do this split.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ