| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210625083632.5a321cef@hermes.local>
Date: Fri, 25 Jun 2021 08:36:32 -0700
From: Stephen Hemminger <stephen@...workplumber.org>
To: netdev@...r.kernel.org
Subject: Fw: [Bug 213581] New: Change in ip_dst_mtu_maybe_forward() breaks
WebRTC connections
Begin forwarded message:
Date: Fri, 25 Jun 2021 11:54:19 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: stephen@...workplumber.org
Subject: [Bug 213581] New: Change in ip_dst_mtu_maybe_forward() breaks WebRTC connections
https://bugzilla.kernel.org/show_bug.cgi?id=213581
Bug ID: 213581
Summary: Change in ip_dst_mtu_maybe_forward() breaks WebRTC
connections
Product: Networking
Version: 2.5
Kernel Version: 5.13.0-rc7
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: IPV4
Assignee: stephen@...workplumber.org
Reporter: godlike64@...il.com
Regression: No
Recent Linux kernel versions (>=5.9 if my calculations are correct), when used
as a gateway on a LAN (or a similar setup) will break WebRTC protocols such as
Google Meet, Discord, etc. (have not done extensive testing but would gather
that most similar protocols are affected). In the case of Meet, no video for
any participant is ever shown (other than my own), and nobody can see my video,
although audio does work. In the case of Discord, no audio/video for other
participants is ever shown. Note that every meeting is initiated or joined from
inside the LAN, not on the gateway itself.
Using plain iptables, firewalld+iptables or firewalld+nftables makes no
difference (it was the first thing I tried). I discovered this a few months ago
when updating the kernel, and found that reverting to the previous kernel made
this work again. I didn't look further into it until now, when I can no longer
stay on that old of a kernel :).
Using git-bisect I was able to identify the offending commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=02a1b175b0e92d9e0fa5df3957ade8d733ceb6a0
This patch was backported to linux-stable shortly after 5.4.72 released. It
appears to still be there in vanilla upstream. I can confirm that reverting
this patch in 5.4.109 fixes the issue and webrtc works again.
I have also reverted this patch in 5.13.0-rc7 and WebRTC works with the patch
reverted. Without reverting the patch, it's broken.
No other protocol/connection seems to be affected.
Reproducible: Always
Steps to Reproduce:
1. Install any kernel >5.4.9 on a gateway device.
2. Try to use a conferencing application that uses WebRTC (Meet, Discord, etc).
Either start or join a meeting from a device that sits in the LAN.
Actual Results:
Audio and/or video does not work when a meeting is initiated/joined from within
the LAN
Expected Results:
Both audio and video should work when inside the meeting.
My C is quite limited, but it appears that this function, from wherever it gets
called, returns a different value after the mentioned commit. It used to
return:
return min(READ_ONCE(dst->dev->mtu), IP_MAX_MTU);
Now it returns:
mtu = dst_metric_raw(dst, RTAX_MTU);
if (mtu)
return mtu;
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
Powered by blists - more mailing lists