lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 22 Feb 2022 10:18:04 +0800
From:   Lina Wang <lina.wang@...iatek.com>
To:     Steffen Klassert <steffen.klassert@...unet.com>
CC:     Herbert Xu <herbert@...dor.apana.org.au>,
        "David S . Miller" <davem@...emloft.net>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        David Ahern <dsahern@...nel.org>,
        Jakub Kicinski <kuba@...nel.org>,
        Matthias Brugger <matthias.bgg@...il.com>,
        <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        Lina Wang <lina.wang@...iatek.com>
Subject: Re: [PATCH] xfrm: fix tunnel model fragmentation behavior

On Mon, 2022-02-21 at 12:04 +0100, Steffen Klassert wrote:
> On Mon, Feb 21, 2022 at 01:16:48PM +0800, Lina Wang wrote:
> > in tunnel mode, if outer interface(ipv4) is less, it is easily to
We have two commits in the ipsec tree that address a very similar
> issue. That is:
> 
> commit 6596a0229541270fb8d38d989f91b78838e5e9da
> xfrm: fix MTU regression
> 
> and
> 
> commit a6d95c5a628a09be129f25d5663a7e9db8261f51
> Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
> 
> Can you please doublecheck that the issue you are fixing still
> exist in the ipsec tree?

Yes, I know the two patches, which didnot help for my scenary. Whatever 
commit a6d95c5a62 exist or not, there still is double fragment issue. From
commit 6596a022's mail thread, owner has met double fragment issue, I am 
not sure if it is the same with mine.

My scenary is very simple, set up ipsec0, create default route, set 
transport mode for ipsec0 and tunnel mode for wlan0.

ip link add ipsec0 type xfrm dev xfrm dev wlan0 if_id xx
ip link set mtu 1400 dev ipsec0
ip link set mtu 1300 dev wlan0

ping6 -s 1300 xx will always reproduce such issue.

Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ