lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240819124954.GA885813@pevik>
Date: Mon, 19 Aug 2024 14:49:54 +0200
From: Petr Vorel <pvorel@...e.cz>
To: Eric Dumazet <edumazet@...gle.com>, Xin Long <lucien.xin@...il.com>
Cc: netdev@...r.kernel.org
Subject: [RFC] Big TCP and ping support vs. max ICMP{,v6} packet size

Hi Eric, Xin,

I see you both worked on Big TCP support for IPv4/IPv6. I wonder if anybody was
thinking about add Big TCP to raw socket or ICMP datagram socket. I'm not sure
what would be a real use case (due MTU limitation is Big TCP mostly used on
local networks anyway).

I'm asking because I'm just about to limit -s value for ping in iputils (this
influences size of payload of ICMP{,v6} being send) to 65507 (IPv4) or 65527 (IPv6):

65507 = 65535 (IPv4 packet size) - 20 (min IPv4 header size) - 8 (ICMP header size)
65527 = 65535 (IPv6 packet size) - 8 (ICMPv6 header size)

which would then block using Big TCP.

The reasons are:
1) The implementation was wrong [1] (signed integer overflow when using
INT_MAX).

2) Kernel limits it exactly to these values:

* ICMP datagram socket net/ipv4/ping.c in ping_common_sendmsg() [2] (used in
both ping_v4_sendmsg() and ping_v6_sendmsg()):

	if (len > 0xFFFF)
		return -EMSGSIZE;

* raw socket IPv4 in raw_sendmsg() [3]:

	err = -EMSGSIZE;
	if (len > 0xFFFF)
		goto out;

* Raw socket IPv6 I suppose either in rawv6_send_hdrinc() [4] (I suppose when
IP_HDRINCL set when userspace passes also IP header) or in ip6_append_data() [5]
otherwise.

3) Other ping implementations also limit it [6] (I suppose due 2)).

Kind regards,
Petr

[1] https://github.com/iputils/iputils/issues/542
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv4/ping.c?h=v6.11-rc4#n655
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv4/raw.c?h=v6.11-rc4#n498
[4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv6/raw.c?h=v6.11-rc4#n605
[5] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv6/ip6_output.c?h=v6.11-rc4#n1453
[6] https://github.com/pevik/iputils/wiki/Maximum-value-for-%E2%80%90s-(size)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ