lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220707162319.49c25e90@kernel.org> Date: Thu, 7 Jul 2022 16:23:19 -0700 From: Jakub Kicinski <kuba@...nel.org> To: Aleksey Shumnik <ashumnik9@...il.com> Cc: Ido Schimmel <idosch@...sch.org>, netdev@...r.kernel.org, David Ahern <dsahern@...il.com>, kuznet@....inr.ac.ru, xeb@...l.ru Subject: Re: [PATCH] net/ipv4/ip_gre.c net/ipv6/ip6_gre.c: ip and gre header are recorded twice On Thu, 7 Jul 2022 19:41:23 +0300 Aleksey Shumnik wrote: > On Sat, Jul 2, 2022 at 4:42 AM Jakub Kicinski <kuba@...nel.org> wrote: > > On Fri, 1 Jul 2022 18:31:51 -0700 Jakub Kicinski wrote: > > > On Tue, 28 Jun 2022 18:18:27 +0300 Aleksey Shumnik wrote: > > > > pre-up ip tunnel add mgre0 mode ip6gre local 4444::1111 key 1 ttl 64 tos inherit > > > > > > I can't get GRE6 tunnels to work as NBMA net at all. > > > AFAICT ip6gre_tunnel_xmit() takes the endpoint addresses straight > > > from the netdev, only ip6tnl seems to be doing a lookup. > > > Am I doing it wrong? > > What exactly is the problem, may you describe it? > Have you added entries to the neighbors table? Yeah, I've added the neigh entries (although the v6 addresses had to be massaged a little for ip neigh to take them, the commands from the email don't work cause iproute2 doesn't support :: in lladdr, AFAICT). What I've seen in tracing was that I hit: ip6gre_tunnel_xmit() -> ip6_tnl_xmit_ctl() -> ip6_tnl_get_cap() that returns IP6_TNL_F_CAP_PER_PACKET so back to ip6gre_tunnel_xmit() -> goto tx_err -> error, drop packet never leaves the interface. > > If it's just v4 could perhaps be commit fdafed459998 ("ip_gre: set > > dev->hard_header_len and dev->needed_headroom properly"). Would you > > be able to try some kernel older than 5.8? > > I'll try. > dev->hard_header_len and dev->needed_headroom are set properly, but > the problem remains. > The problem with v4 is that the ip and gre headers are created 2 times > (1st in ipgre_header() and 2nd in gre_build_header() and > iptunnel_xmit()), they are overwritten, so that there is one gre and > one ip header in the packet. > Why take unnecessary actions if it could be created once. > v6 has the same problem, but also the packet has 2 same ip6 and gre > headers, duplication occurs, that is, they are not overwritten as in > v4. > v6 doesn't even have dev->hard_header_len. Hm, so you did get v6 to repro? Not sure what I'm doing wrong, I'm trying to repro with a net namespace over veth but that can't be it...
Powered by blists - more mailing lists