lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220707162319.49c25e90@kernel.org>
Date:   Thu, 7 Jul 2022 16:23:19 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Aleksey Shumnik <ashumnik9@...il.com>
Cc:     Ido Schimmel <idosch@...sch.org>, netdev@...r.kernel.org,
        David Ahern <dsahern@...il.com>, kuznet@....inr.ac.ru,
        xeb@...l.ru
Subject: Re: [PATCH] net/ipv4/ip_gre.c net/ipv6/ip6_gre.c: ip and gre header
 are recorded twice

On Thu, 7 Jul 2022 19:41:23 +0300 Aleksey Shumnik wrote:
> On Sat, Jul 2, 2022 at 4:42 AM Jakub Kicinski <kuba@...nel.org> wrote:
> > On Fri, 1 Jul 2022 18:31:51 -0700 Jakub Kicinski wrote:  
> > > On Tue, 28 Jun 2022 18:18:27 +0300 Aleksey Shumnik wrote:  
> > > > pre-up ip tunnel add mgre0 mode ip6gre local 4444::1111 key 1 ttl 64 tos inherit  
> > >
> > > I can't get GRE6 tunnels to work as NBMA net at all.
> > > AFAICT ip6gre_tunnel_xmit() takes the endpoint addresses straight
> > > from the netdev, only ip6tnl seems to be doing a lookup.
> > > Am I doing it wrong?  
> 
> What exactly is the problem, may you describe it?
> Have you added entries to the neighbors table?

Yeah, I've added the neigh entries (although the v6 addresses had to 
be massaged a little for ip neigh to take them, the commands from the
email don't work cause iproute2 doesn't support :: in lladdr, AFAICT).

What I've seen in tracing was that I hit:

ip6gre_tunnel_xmit() -> ip6_tnl_xmit_ctl() -> ip6_tnl_get_cap()

that returns IP6_TNL_F_CAP_PER_PACKET

so back to ip6gre_tunnel_xmit() -> goto tx_err -> error, drop

packet never leaves the interface.

> > If it's just v4 could perhaps be commit fdafed459998 ("ip_gre: set
> > dev->hard_header_len and dev->needed_headroom properly"). Would you
> > be able to try some kernel older than 5.8?  
> 
> I'll try.
> dev->hard_header_len and dev->needed_headroom are set properly, but
> the problem remains.
> The problem with v4 is that the ip and gre headers are created 2 times
> (1st in ipgre_header() and 2nd in gre_build_header() and
> iptunnel_xmit()), they are overwritten, so that there is one gre and
> one ip header in the packet.
> Why take unnecessary actions if it could be created once.
> v6 has the same problem, but also the packet has 2 same ip6 and gre
> headers, duplication occurs, that is, they are not overwritten as in
> v4.
> v6 doesn't even have dev->hard_header_len.

Hm, so you did get v6 to repro? Not sure what I'm doing wrong, I'm
trying to repro with a net namespace over veth but that can't be it...

Powered by blists - more mailing lists