lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 30 May 2019 10:35:08 +0200
From:   "Steinar H. Gunderson" <>
To:     Alexey Kuznetsov <>
Subject: EoGRE sends undersized frames without padding


I'm trying to connect some VMs over EoGRE (using gretap on my side):

  ip link add foo type gretap remote <remote> local <local>

This works fine for large packets, but the system in the other end
drops smaller packets, such as ARP requests and small ICMP pings.

After looking at the GRE packets in Wireshark, it turns out the Ethernet
packets within the EoGRE packet is undersized (under 60 bytes), and Linux
doesn't pad them. I haven't found anything in RFC 7637 that says anything
about padding, so I would assume it should conform to the usual Ethernet
padding rules, ie., pad to at least ETH_ZLEN. However, nothing in Linux' IP
stack seems to actually do this, which means that when the packet is
decapsulated in the other end and put on the (potentially virtual) wire,
it gets dropped. The other system properly pads its small frames when sending

Is there a way to get around this, short of looping the packets out through a
physical wire to get the padding? Is it simply a bug? I've been testing with
4.19.28, but it doesn't look like git master has any changes in this area.

/* Steinar */

Powered by blists - more mailing lists