lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 21 May 2016 18:17:34 +0800 From: Haishuang Yan <yanhaishuang@...s.chinamobile.com> To: "David S. Miller" <davem@...emloft.net>, Alexey Kuznetsov <kuznet@....inr.ac.ru>, James Morris <jmorris@...ei.org>, Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org> Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org, Haishuang Yan <yanhaishuang@...s.chinamobile.com> Subject: [PATCH v2 1/2] ip6_gre: Fix MTU setting for ip6gretap When creat an ip6gretap interface with an unreachable route, the MTU is about 14 bytes larger than what was needed. If the remote address is reachable: ping6 2001:0:130::1 -c 2 PING 2001:0:130::1(2001:0:130::1) 56 data bytes 64 bytes from 2001:0:130::1: icmp_seq=1 ttl=64 time=1.46 ms 64 bytes from 2001:0:130::1: icmp_seq=2 ttl=64 time=81.1 ms --- 2001:0:130::1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 1.465/41.316/81.167/39.851 ms ip link add ip6gretap1 type ip6gretap\ local 2001:0:130::2 remote 2001:0:130::1 ip link show ip6gretap1 11: ip6gretap1@...E: <BROADCAST,MULTICAST> mtu 1434 ... link/ether c2:f3:f8:c1:2c:bf brd ff:ff:ff:ff:ff:ff The MTU value 1434 is right. But if we delete the direct route: ip -6 route del 2001:0:130::/64 ping6 2001:0:130::1 -c 2 connect: Network is unreachable ip link add ip6gretap1 type ip6gretap\ local 2001:0:130::2 remote 2001:0:130::1 ip link show ip6gretap1 12: ip6gretap1@...E: <BROADCAST,MULTICAST> mtu 1448 ... link/ether 7e:e1:d2:c4:06:5e brd ff:ff:ff:ff:ff:ff Now, the MTU value 1448 is larger than what was needed. The reason is that if there is a reachable route, when run following code in ip6gre_tnl_link_config: if (p->flags & IP6_TNL_F_CAP_XMIT) { int strict = (ipv6_addr_type(&p->raddr) & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL)); struct rt6_info *rt = rt6_lookup(t->net, &p->raddr, &p->laddr, p->link, strict); if (!rt) return; if (rt->dst.dev) { dev->hard_header_len = rt->dst.dev->hard_header_len + t_hlen; if (set_mtu) { dev->mtu = rt->dst.dev->mtu - t_hlen; if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT)) dev->mtu -= 8; if (dev->type == ARPHRD_ETHER) dev->mtu -= ETH_HLEN; if (dev->mtu < IPV6_MIN_MTU) dev->mtu = IPV6_MIN_MTU; } } ip6_rt_put(rt); } Because rt is not NULL here, so dev->mtu will subtract the ethernet header length later. But when rt is NULL, it just simply return, so dev->mtu doesn't update correctly in this situation. This patch first verify the dev->type is ARPHRD_ETHER for ip6gretap interface, and then decrease the mtu as early as possible. Signed-off-by: Haishuang Yan <yanhaishuang@...s.chinamobile.com> --- Changes in v2: - Make the commit message more clearer. --- net/ipv6/ip6_gre.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c index 4541fa5..8ea5a4d 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -1029,6 +1029,8 @@ static int ip6gre_tunnel_init_common(struct net_device *dev) dev->hard_header_len = LL_MAX_HEADER + t_hlen; dev->mtu = ETH_DATA_LEN - t_hlen; + if (dev->type == ARPHRD_ETHER) + dev->mtu -= ETH_HLEN; if (!(tunnel->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT)) dev->mtu -= 8; -- 1.8.3.1
Powered by blists - more mailing lists