Open Source and information security mailing list archives
 
Message-ID: <CAGvuCg-FJM7LLcb5i6gfZLRWJBUyDrGyCyZ4xPVqek58-kAVbQ@mail.gmail.com>
Date:   Sun, 20 Jun 2021 19:58:36 -0300
From:   Juan Manuel Santos <godlike64@...il.com>
To:     davem@...emloft.net, yoshfuji@...ux-ipv6.org, dsahern@...nel.org
Cc:     netdev@...r.kernel.org
Subject: Fwd: WebRTC protocols broken when forwarding after a change to ip_dst_mtu_maybe_forward()

Hello,

Apologies if somebody receives this email twice. My first email was
filtered by the mailing list because gmail defaults to HTML.

I am writing to this mailing list because I believe based on the
maintainer list[1] that this is the correct place to report issues
like these, especially when unsure. I am a Gentoo user and I already
reported this downstream[2] but in my troubleshooting I was able to
confirm that linux-stable is affected, and possibly others.

The issue happens whenever a kernel version with a certain patch is
used in a gateway device doing IP forwarding for a LAN, such as a
Linux box running iptables / firewalld+iptables / firewalld+nftables.
It does not seem to matter which of the three methods is used, all are
affected. Applications inside the LAN using WebRTC (such as Google
Meet, Discord, etc) are affected. In the case of Meet, no video of any
participant can be seen, although audio works. In the case of Discord,
neither audio nor video works. It does not matter whether the
conference is started or joined from a device within the LAN, it won't
work properly.

I was able to git-bisect this using linux-stable and found the
offending upstream commit[3]. In linux-stable this was backported
right after 5.4.72 so >=5.4.73 are affected, up to 5.4.126. I can
confirm that reverting the commit (even if it is just commenting those
4 lines that the commit adds) fixes the issue at least on 5.4.109. No
other protocol/connection type seems to be affected, and this only
seems to affect webrtc in the context of forwarding (i.e. when
started/joined from a device in the LAN, not the gateway itself).

I am unsure how to proceed, whether this requires an upstream bugzilla
to be opened (which I can gladly do) or not. I searched the archives
first but I could find no mention relating webrtc and the change to
this function (I only found the relationship when git-bisecting).

Thanks in advance.

Regards,



[1] https://www.kernel.org/doc/html/latest/process/maintainers.html#maintainers
[2] https://bugs.gentoo.org/797211
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=02a1b175b0e92d9e0fa5df3957ade8d733ceb6a0
