Message-ID: <CAEh+42j5_SKku5EWexLi+1Ch4Eu=SoijMGSCYyZAd39GeMq8GQ@mail.gmail.com>
Date: Sat, 9 Apr 2016 12:52:46 -0300
From: Jesse Gross <jesse@...nel.org>
To: Alexander Duyck <alexander.duyck@...il.com>
Cc: Alexander Duyck <aduyck@...antis.com>, Herbert Xu <herbert@...dor.apana.org.au>, Tom Herbert <tom@...bertland.com>, Eric Dumazet <edumazet@...gle.com>, Linux Kernel Network Developers <netdev@...r.kernel.org>, David Miller <davem@...emloft.net>
Subject: Re: [RFC PATCH 07/11] GENEVE: Add option to mangle IP IDs on inner headers when using TSO

On Fri, Apr 8, 2016 at 7:04 PM, Alexander Duyck <alexander.duyck@...il.com> wrote:
> On Fri, Apr 8, 2016 at 2:40 PM, Jesse Gross <jesse@...nel.org> wrote:
>> Maybe I missed it but I didn't see any checks for the DF bit being set
>> when we transmit a packet with NETIF_F_TSO_MANGLEID. Even if I am
>> comfortable mangling my IDs in the DF case, I don't think this would
>> ever extend to non-DF packets. In the documentation you noted that it
>> is the driver's responsibility to do this check but I couldn't find it
>> in either ixgbe or igb. It would also be nice if the core stack could
>> enforce it somehow as well rather than each driver.
>
> Yeah I had glossed over that in the igb and ixgbe patches. A check is
> only really needed for the incrementing to non-incrementing case and I
> wasn't sure how common it was to have TCP with an IP header that
> didn't set the DF bit. In the case of the outer headers igb and ixgbe
> will increment the IP ID always so we don't have to worry about if DF
> is set or not there. For the inner headers I had fudged it a bit and
> didn't add the validation. If needed I can see about adding that
> shortly.

TCP without the DF bit set is not the default but it is possible (it
can be enabled by setting /proc/sys/net/ipv4/ip_no_pmtu_disc). I also
did a quick check of some Internet services and at least some of them
seem to return TCP without DF, so it's not too rare.
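
The DF check discussed in this thread, as an added example that is not part of the original message or of the igb/ixgbe patches: a user-space C helper that accepts IP ID mangling only for an unfragmented IPv4 header with DF set, the case where a receiver does not need the ID for reassembly. The function name, the verdict enum and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EX_IP_DF      0x4000u /* Don't Fragment flag */
#define EX_IP_MF      0x2000u /* More Fragments flag */
#define EX_IP_OFFMASK 0x1fffu /* fragment offset, in 8-byte units */

enum mangle_verdict {
    MANGLE_OK = 0,     /* DF set, not a fragment: ID unused for reassembly */
    MANGLE_NO_DF,      /* DF clear: path may fragment, IDs must stay unique */
    MANGLE_FRAGMENT,   /* MF set or non-zero offset: already a fragment */
    MANGLE_BAD_HEADER  /* truncated buffer or not IPv4 */
};

/* Hypothetical helper: hdr points at the first byte of an IPv4 header. */
enum mangle_verdict ipv4_id_mangle_verdict(const uint8_t *hdr, size_t len)
{
    if (hdr == NULL || len < 20)
        return MANGLE_BAD_HEADER;
    unsigned version = hdr[0] >> 4;
    size_t ihl = (size_t)(hdr[0] & 0x0f) * 4u;
    if (version != 4 || ihl < 20 || ihl > len)
        return MANGLE_BAD_HEADER;
    /* Bytes 6-7: flags (3 bits) + fragment offset (13 bits), big endian. */
    uint16_t frag = (uint16_t)((hdr[6] << 8) | hdr[7]);
    if (frag & (EX_IP_MF | EX_IP_OFFMASK))
        return MANGLE_FRAGMENT;
    if (!(frag & EX_IP_DF))
        return MANGLE_NO_DF;
    return MANGLE_OK;
}

/* Constructed 20-byte TCP/IPv4 headers (checksum left zero, not verified). */
static const uint8_t sample_df[20]    = {0x45,0,0,0x28, 0x12,0x34,0x40,0x00,
                                         64,6,0,0, 10,0,0,1, 10,0,0,2};
static const uint8_t sample_no_df[20] = {0x45,0,0,0x28, 0x12,0x35,0x00,0x00,
                                         64,6,0,0, 10,0,0,1, 10,0,0,2};
static const uint8_t sample_frag[20]  = {0x45,0,0,0x28, 0x12,0x36,0x20,0x00,
                                         64,6,0,0, 10,0,0,1, 10,0,0,2};

int main(void)
{
    printf("DF set:   %d\n", ipv4_id_mangle_verdict(sample_df, sizeof sample_df));
    printf("DF clear: %d\n", ipv4_id_mangle_verdict(sample_no_df, sizeof sample_no_df));
    printf("fragment: %d\n", ipv4_id_mangle_verdict(sample_frag, sizeof sample_frag));
    return 0;
}
```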