lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 May 2015 00:18:51 -0700 From: Alexander Duyck <alexander.duyck@...il.com> To: Steffen Klassert <steffen.klassert@...unet.com>, Alexander Duyck <alexander.h.duyck@...hat.com> CC: davem@...emloft.net, herbert@...dor.apana.org.au, netdev@...r.kernel.org, linux-crypto@...r.kernel.org Subject: Re: [PATCH] xfrm6: Do not use xfrm_local_error for path MTU issues in tunnels On 05/27/2015 10:36 PM, Steffen Klassert wrote: > On Wed, May 27, 2015 at 10:40:32AM -0700, Alexander Duyck wrote: >> This change makes it so that we use icmpv6_send to report PMTU issues back >> into tunnels in the case that the resulting packet is larger than the MTU >> of the outgoing interface. Previously xfrm_local_error was being used in >> this case, however this was resulting in no changes, I suspect due to the >> fact that the tunnel itself was being kept out of the loop. >> >> This patch fixes PMTU problems seen on ip6_vti tunnels and is based on the >> behavior seen if the socket was orphaned. Instead of requiring the socket >> to be orphaned this patch simply defaults to using icmpv6_send in the case >> that the frame came though a tunnel. > We can use icmpv6_send() just in the case that the packet > was already transmitted by a tunnel device, otherwise we > get the bug back that I mentioned in my other mail. > > Not sure if we have something to know that the packet > traversed a tunnel device. That's what I asked in the > thread 'Looking for a lost patch'. Okay I will try to do some more digging. From what I can tell right now it looks like my ping attempts are getting hung up on the xfrm_local_error in __xfrm6_output. I wonder if we couldn't somehow make use of the skb->cb to store a pointer to the tunnel that could be checked to determine if we are going through a VTI or not. - Alex -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists