lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <1448402510.1490470.449206321.69897BEE@webmail.messagingengine.com>
Date:	Tue, 24 Nov 2015 23:01:50 +0100
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	David Miller <davem@...emloft.net>, mkubecek@...e.cz
Cc:	yoshfuji@...ux-ipv6.org, netdev@...r.kernel.org,
	netfilter-devel@...r.kernel.org, coreteam@...filter.org,
	linux-kernel@...r.kernel.org, kuznet@....inr.ac.ru,
	jmorris@...ei.org, kaber@...sh.net, pablo@...filter.org,
	kadlec@...ckhole.kfki.hu
Subject: Re: [PATCH net] ipv6: distinguish frag queues by device for multicast
 and link-local packets

On Tue, Nov 24, 2015, at 22:46, David Miller wrote:
> From: Michal Kubecek <mkubecek@...e.cz>
> Date: Tue, 24 Nov 2015 15:07:11 +0100 (CET)
> 
> > If a fragmented multicast packet is received on an ethernet device which
> > has an active macvlan on top of it, each fragment is duplicated and
> > received both on the underlying device and the macvlan. If some
> > fragments for macvlan are processed before the whole packet for the
> > underlying device is reassembled, the "overlapping fragments" test in
> > ip6_frag_queue() discards the whole fragment queue.
> > 
> > To resolve this, add device ifindex to the search key and require it to
> > match reassembling multicast packets and packets to link-local
> > addresses.
> > 
> > Note: similar patch has been already submitted by Yoshifuji Hideaki in
> > 
> >   http://patchwork.ozlabs.org/patch/220979/
> > 
> > but got lost and forgotten for some reason.
> > 
> > Signed-off-by: Michal Kubecek <mkubecek@...e.cz>
> 
> This is definitely the right thing to do and matches how ipv4 keys
> fragments.
> 
> Applied and queued up for -stable, thanks!

I reviewed it earlier and agree last time that this patch is necessary.
Unfortunately forgot to ack before. :(

Acked-by: Hannes Frederic Sowa <hannes@...essinduktion.org>

In IPv4 as in IPv6 global addresses we have to expect packets coming
over multiple interfaces, it is only correct for local and multicast
scoped addresses. In IPv4 we don't really key the device index, only in
case of an vrf interface.

Thanks,
Hannes
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ