| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 01 Apr 2016 11:49:03 -0700 From: Eric Dumazet <eric.dumazet@...il.com> To: Alexander Duyck <aduyck@...antis.com> Cc: herbert@...dor.apana.org.au, tom@...bertland.com, jesse@...nel.org, alexander.duyck@...il.com, edumazet@...gle.com, netdev@...r.kernel.org, davem@...emloft.net Subject: Re: [net PATCH 2/2] ipv4/GRO: Make GRO conform to RFC 6864 On Fri, 2016-04-01 at 11:05 -0700, Alexander Duyck wrote: > RFC 6864 states that the IPv4 ID field MUST NOT be used for purposes other > than fragmentation and reassembly. Currently we are looking at this field > as a way of identifying what frames can be aggregated and which cannot for > GRO. While this is valid for frames that do not have DF set, it is invalid > to do so if the bit is set. > > In addition we were generating IPv4 ID collisions when 2 or more flows were > interleaved over the same tunnel. To prevent that we store the result of > all IP ID checks via a "|=" instead of overwriting previous values. Note that for atomic datagrams (DF = 1), since fragmentation and reassembly can not occur, maybe some people use ID field for other purposes. For example, TCP stack tracks per socket ID generation, even if it sends DF=1 frames. Damn useful for tcpdump analysis and drop inference. With your change, the resulting GRO packet would propagate the ID of first frag. Most GSO/GSO engines will then provide a ID sequence, which might not match original packets. I do not particularly care, but it is worth mentioning that GRO+TSO would not be idempotent anymore.
Powered by blists - more mailing lists