| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20191122.100438.416583996458136747.davem@davemloft.net>
Date: Fri, 22 Nov 2019 10:04:38 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: liuhangbin@...il.com
Cc: netdev@...r.kernel.org, ja@....bg, marcelo.leitner@...il.com,
dsahern@...il.com, edumazet@...gle.com
Subject: Re: [PATCH net] ipv6/route: only update neigh confirm time if pmtu
changed
From: Hangbin Liu <liuhangbin@...il.com>
Date: Fri, 22 Nov 2019 14:19:19 +0800
> The reason is when we ping6 remote via gretap, we will call like
>
> gre_tap_xmit()
> - ip_tunnel_xmit()
> - tnl_update_pmtu()
> - skb_dst_update_pmtu()
> - ip6_rt_update_pmtu()
> - __ip6_rt_update_pmtu()
> - dst_confirm_neigh()
> - ip6_confirm_neigh()
> - __ipv6_confirm_neigh()
> - n->confirmed = now
This whole callchain violates the assumptions of the MTU update
machinery.
In this case it's just the tunneling code accounting for the
encapsulation it is creating, and checking the MTU just in case.
But the MTU update code is supposed to be invoked in response to real
networking events that update the PMTU.
So for this ip_tunnel_xmit() case, _EVEN_ if the MTU is changed, we
should not be invoking dst_confirm_neigh() as we have no evidence
of successful two-way communication at this point.
We have to stop papering over the tunneling code's abuse of the PMTU
update framework and do this properly.
Sorry, I'm not applying this.
Powered by blists - more mailing lists