Date:   Tue,  4 Feb 2020 12:30:18 -0500
From:   Alexander Aring <alex.aring@...il.com>
To:     davem@...emloft.net
Cc:     kuznet@....inr.ac.ru, yoshfuji@...ux-ipv6.org, kuba@...nel.org,
        netdev@...r.kernel.org, andrea.mayer@...roma2.it,
        dav.lebrun@...il.com, mcr@...delman.ca, stefan@...enfreihafen.org,
        Alexander Aring <alex.aring@...il.com>
Subject: [PATCH net 1/2] net: ipv6: seg6_iptunnel: set tunnel headroom to zero

This patch sets headroom of segmentation route tunnel to zero. The
headroom setting was introduced for mpls in commit 14972cbd34ff
("net: lwtunnel: Handle fragmentation") which sits on layer 2.5. As the
Linux interface MTU value is Layer 3 and doesn't consider anything before
that, it is misleading to set the headroom value to anything other than 0.

Example setup to trigger this issue:

ip netns add foo
ip link add veth0 type veth peer name veth1
ip link set veth1 netns foo
ip link set mtu 1280 dev veth0

ip link set veth0 up
ip -n foo link set veth1 up

ip addr add beef::1/64 dev veth0
ip -6 route add beef::3 encap seg6 mode encap segs beef::2 dev veth0

then do a:

ping beef::3

The sendmsg() will return -EINVAL because the packet doesn't fit
into the IPv6 minimum MTU anymore. It was considering the headroom value
in their destination mtu, which subtracts whatever headroom is from
the interface MTU 1280.

Signed-off-by: Alexander Aring <alex.aring@...il.com>
---
 net/ipv6/seg6_iptunnel.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/net/ipv6/seg6_iptunnel.c b/net/ipv6/seg6_iptunnel.c
index ab7f124ff5d7..5b6e88f16e2d 100644
--- a/net/ipv6/seg6_iptunnel.c
+++ b/net/ipv6/seg6_iptunnel.c
@@ -449,8 +449,6 @@ static int seg6_build_state(struct nlattr *nla,
 	if (tuninfo->mode != SEG6_IPTUN_MODE_L2ENCAP)
 		newts->flags |= LWTUNNEL_STATE_OUTPUT_REDIRECT;
 
-	newts->headroom = seg6_lwt_headroom(tuninfo);
-
 	*ts = newts;
 
 	return 0;
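
Review bot: with the `newts->headroom = seg6_lwt_headroom(tuninfo);` assignment dropped from seg6_build_state(), the headroom is zero only if newts is zero-initialised when allocated, which is outside this hunk; please say so in the commit message or confirm the allocation path. The diffstat shows just these 2 deletions, so seg6_lwt_headroom() stays defined: if this was its only caller, remove the helper in the same patch to avoid leaving an unused static function. Since this targets net, a Fixes: tag naming the commit that added the headroom assignment to seg6 would help the stable backport.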
-- 
2.20.1
