lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Feb 2020 16:26:46 +0100 From: William Dauchy <w.dauchy@...teo.com> To: Nicolas Dichtel <nicolas.dichtel@...nd.com> Cc: netdev@...r.kernel.org Subject: Re: [PATCH v3 net] net, ip6_tunnel: enhance tunnel locate with link check On Thu, Feb 13, 2020 at 10:34:19AM +0100, Nicolas Dichtel wrote: > > mtu = ETH_DATA_LEN; > > if (t->parms.link) { > > tdev = __dev_get_by_index(t->net, t->parms.link); > > if (tdev && tdev->mtu < mtu) > Why this second condition? Why not allowing more than ETH_DATA_LEN (1500)? > ip_tunnels do: > if (tdev) { > > hlen = tdev->hard_header_len + tdev->needed_headroom; > > mtu = min(tdev->mtu, IP_MAX_MTU); > > } > which seems better. I wrongly mixed the two codes in my head as I wanted to take the lowest of the two values; will correct that; sorry for the confusion. > Note also that you patch ip6_tnl_dev_init_gen(), but ip6_tnl_link_config() is > called later and may adjust the mtu. I would suggest to take care of link mtu in > ip6_tnl_link_config(). agreed, I overlooked it. Unsure whether I can put it in CAP_XMIT condition as well. > hard_header_len is not set for ipv4 tunnels, but for ipv6 tunnels: > dev->hard_header_len = LL_MAX_HEADER + t_hlen; > > This is not the real value, I don't think you can calculate the real mtu based > on this. understood, I indeed did not noticed hard_header_len was not set in ip_tunnel. Best, -- William
Powered by blists - more mailing lists