Date:	Tue, 26 May 2015 16:50:07 +0200
From:	Florian Westphal <fw@...len.de>
To:	Maxime Bizon <mbizon@...ebox.fr>
Cc:	Florian Westphal <fw@...len.de>,
	David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
	hannes@...essinduktion.org
Subject: Re: [PATCH -next, V3 0/2] net: force refragmentation for DF
 reassembed skbs

Maxime Bizon <mbizon@...ebox.fr> wrote:
> On Fri, 2015-05-22 at 21:26 +0200, Florian Westphal wrote:
> > But it does happen, see e.g. following bug report:
> > http://marc.info/?l=linux-netdev&m=139870308431986&w=2
> > 
> > Maxime, do you recall what type of traffic generates
> > the DF-fragments you reported?
> 
> Yep
> 
> We are an ISP and provide our own home gateway to the subscribers, which
> ends up routing traffic of a large range of end user devices.
> 
> In that case, the frag+DF traffic was seen in an exchange between a
> femtocell and a femto GW during the IPsec IKE exchange, more precisely
> on the IKE_AUTH message sent from the femto GW.

Thanks, so it seems it's used to push UDP frag/defrag operation to end
hosts.

> You can contact me privately if you need more details.

It's enough for me to know that this isn't a random fluke, thanks.

Dave, if you disagree, one possibility would be to strip DF bit on
defrag/refrag when forwarding.

However, I think that we should respect end host "wish", i.e. reject too
big DF fragment and also re-set DF on refrag so we don't conceal lower
MTU in the network.

Thanks,
Florian