lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1525970887-26600-1-git-send-email-ashwanth@codeaurora.org>
Date:   Thu, 10 May 2018 22:18:07 +0530
From:   Ashwanth Goli <ashwanth@...eaurora.org>
To:     netdev@...r.kernel.org, davem@...emloft.net
Cc:     pabeni@...hat.com, dsahern@...il.com
Subject: [PATCH] [PATCH net v2] ipv6: remove min MTU check for ipsec tunnels

With 749439bfac "fix udpv6 sendmsg crash caused by too small MTU"
ipsec tunnels that report a MTU less than IPV6_MIN_MTU are broken
even for packets that are smaller than IPV6_MIN_MTU.

According to rfc2473#section-7.1

    if the original IPv6 packet is equal or  smaller  than  the
    IPv6 minimum link MTU, the tunnel entry-point node
    encapsulates the original packet, and subsequently
    fragments the resulting IPv6 tunnel packet into IPv6
    fragments that do not exceed the Path MTU to the tunnel
    exit-point.

Dropping the MTU check for ipsec tunnel destinations.

Signed-off-by: Ashwanth Goli <ashwanth@...eaurora.org>
---
 net/ipv6/ip6_output.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 2e891d2..c4c3313 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1235,7 +1235,7 @@ static int ip6_setup_cork(struct sock *sk, struct inet_cork_full *cork,
 		if (np->frag_size)
 			mtu = np->frag_size;
 	}
-	if (mtu < IPV6_MIN_MTU)
+	if (!(rt->dst.flags & DST_XFRM_TUNNEL) && mtu < IPV6_MIN_MTU)
 		return -EINVAL;
 	cork->base.fragsize = mtu;
 	if (dst_allfrag(xfrm_dst_path(&rt->dst)))
-- 
1.9.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ