lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 28 Jan 2021 02:12:16 +0000
From:   Vadim Fedorenko <vfedorenko@...ek.ru>
To:     Cong Wang <xiyou.wangcong@...il.com>,
        Jakub Kicinski <kuba@...nel.org>
Cc:     Slava Bacherikov <mail@...va.cc>,
        Willem de Bruijn <willemb@...gle.com>,
        open list <linux-kernel@...r.kernel.org>,
        Linux Kernel Network Developers <netdev@...r.kernel.org>,
        Xie He <xie.he.0141@...il.com>
Subject: Re: BUG: Incorrect MTU on GRE device if remote is unspecified

On 28.01.2021 01:38, Cong Wang wrote:
> On Wed, Jan 27, 2021 at 4:56 PM Jakub Kicinski <kuba@...nel.org> wrote:
>>
>> On Mon, 25 Jan 2021 22:10:10 +0200 Slava Bacherikov wrote:
>>> Hi, I'd like to report a regression. Currently, if you create GRE
>>> interface on the latest stable or LTS kernel (5.4 branch) with
>>> unspecified remote destination it's MTU will be adjusted for header size
>>> twice. For example:
>>>
>>> $ ip link add name test type gre local 127.0.0.32
>>> $ ip link show test | grep mtu
>>> 27: test@...E: <NOARP> mtu 1452 qdisc noop state DOWN mode DEFAULT group
>>> default qlen 1000
>>>
>>> or with FOU
>>>
>>> $ ip link add name test2   type gre local 127.0.0.32 encap fou
>>> encap-sport auto encap-dport 6666
>>> $ ip link show test2 | grep mtu
>>> 28: test2@...E: <NOARP> mtu 1436 qdisc noop state DOWN mode DEFAULT
>>> group default qlen 1000
>>>
>>> The same happens with GUE too (MTU is 1428 instead of 1464).
>>> As you can see that MTU in first case is 1452 (1500 - 24 - 24) and with
>>> FOU it's 1436 (1500 - 32 - 32), GUE 1428 (1500 - 36 - 36). If remote
>>> address is specified MTU is correct.
>>>
>>> This regression caused by fdafed459998e2be0e877e6189b24cb7a0183224 commit.
>>
>> Cong is this one on your radar?
> 
> Yeah, I guess ipgre_link_update() somehow gets called twice,
> but I will need to look into it.
> 
> Thanks.
> 

Hi!
The problem is in ip_tunnel_bind_dev() where mtu is set for tunnel device.

   	if (tdev) {
		hlen = tdev->hard_header_len + tdev->needed_headroom;
		mtu = min(tdev->mtu, IP_MAX_MTU);
	}

	dev->needed_headroom = t_hlen + hlen;
	mtu -= (dev->hard_header_len + t_hlen);

ipgre_tunnel_init sets hard_header_len to tunnel->hlen + sizeof(*iph) and
ip_tunnel_bind_dev adds header overhead once again.

I'll post a patch a bit later but I need someone with extended tests.

Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ