| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Oct 2023 07:26:28 -0700 From: Yan Zhai <yan@...udflare.com> To: netdev@...r.kernel.org Cc: "David S. Miller" <davem@...emloft.net>, David Ahern <dsahern@...nel.org>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Aya Levin <ayal@...dia.com>, Tariq Toukan <tariqt@...dia.com>, linux-kernel@...r.kernel.org, kernel-team@...udflare.com, Florian Westphal <fw@...len.de>, Willem de Bruijn <willemdebruijn.kernel@...il.com>, Alexander H Duyck <alexander.duyck@...il.com> Subject: [PATCH v5 net-next 0/3] ipv6: avoid atomic fragment on GSO output When the ipv6 stack output a GSO packet, if its gso_size is larger than dst MTU, then all segments would be fragmented. However, it is possible for a GSO packet to have a trailing segment with smaller actual size than both gso_size as well as the MTU, which leads to an "atomic fragment". Atomic fragments are considered harmful in RFC-8021. An Existing report from APNIC also shows that atomic fragments are more likely to be dropped even it is equivalent to a no-op [1]. The series contains following changes: * drop feature RTAX_FEATURE_ALLFRAG, which has been broken. This helps simplifying other changes in this set. * refactor __ip6_finish_output code to separate GSO and non-GSO packet processing, mirroring IPv4 side logic. * avoid generating atomic fragment on GSO packets. Link: https://www.potaroo.net/presentations/2022-03-01-ipv6-frag.pdf [1] change log: V4 -> V5: minor fixup V3 -> V4: cleaned up all RTAX_FEATURE_ALLFRAG code, rather than just drop the check at IPv6 output. V2 -> V3: split the changes to separate commits as Willem de Bruijn suggested V1 is incorrect and omitted V4: https://lore.kernel.org/netdev/cover.1698114636.git.yan@cloudflare.com/ V3: https://lore.kernel.org/netdev/cover.1697779681.git.yan@cloudflare.com/ V2: https://lore.kernel.org/netdev/ZS1%2Fqtr0dZJ35VII@debian.debian/ Yan Zhai (3): ipv6: drop feature RTAX_FEATURE_ALLFRAG ipv6: refactor ip6_finish_output for GSO handling ipv6: avoid atomic fragment on GSO packets include/net/dst.h | 7 ----- include/net/inet_connection_sock.h | 1 - include/net/inet_sock.h | 1 - include/uapi/linux/rtnetlink.h | 2 +- net/ipv4/tcp_output.c | 20 +------------ net/ipv6/ip6_output.c | 45 ++++++++++++++++-------------- net/ipv6/tcp_ipv6.c | 1 - net/ipv6/xfrm6_output.c | 2 +- net/mptcp/subflow.c | 1 - 9 files changed, 27 insertions(+), 53 deletions(-) -- 2.30.2
Powered by blists - more mailing lists