linux-stable/net
Florian Westphal bb4cc1a188 net: ip: always refragment ip defragmented packets
Conntrack reassembly records the largest fragment size seen in IPCB.
However, when this gets forwarded/transmitted, fragmentation will only
be forced if one of the fragmented packets had the DF bit set.

In that case, a flag in IPCB will force fragmentation even if the
MTU is large enough.

This should work fine, but this breaks with ip tunnels.
Consider client that sends a UDP datagram of size X to another host.

The client fragments the datagram, so two packets, of size y and z, are
sent. DF bit is not set on any of these packets.

Middlebox netfilter reassembles those packets back to single size-X
packet, before routing decision.

packet-size-vs-mtu checks in ip_forward are irrelevant, because DF bit
isn't set.  At output time, ip refragmentation is skipped as well
because x is still smaller than the mtu of the output device.

If transmit device is an ip tunnel, the packet size increases to
x+overhead.

Also, tunnel might be configured to force DF bit on outer header.

In this case, packet will be dropped (exceeds MTU) and an ICMP error is
generated back to sender.

But sender already respects the announced MTU, all the packets that
it sent did fit the announced mtu.

Force refragmentation as per original sizes unconditionally so ip tunnel
will encapsulate the fragments instead.

The only other solution I see is to place ip refragmentation in
the ip_tunnel code to handle this case.

Fixes: d6b915e29f ("ip_fragment: don't forward defragmented DF packet")
Reported-by: Christian Perle <christian.perle@secunet.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-07 14:42:36 -08:00
..
6lowpan
9p 9p for 5.11-rc1 2020-12-21 10:28:02 -08:00
802
8021q net: vlan: avoid leaks on register_vlan_dev() failures 2021-01-05 16:25:31 -08:00
appletalk
atm
ax25
batman-adv
bluetooth
bpf
bpfilter
bridge net: bridge: Fix a warning when del bridge sysfs 2020-12-14 18:27:49 -08:00
caif
can
ceph libceph: align session_key and con_secret to 16 bytes 2020-12-28 20:34:33 +01:00
core net: neighbor: fix a crash caused by mod zero 2020-12-28 14:49:48 -08:00
dcb net: dcb: Validate netlink message in DCB handler 2020-12-23 12:19:48 -08:00
dccp selinux/stable-5.11 PR 20201214 2020-12-16 11:01:04 -08:00
decnet
dns_resolver
dsa
ethernet
ethtool ethtool: fix error paths in ethnl_set_channels() 2020-12-16 13:27:17 -08:00
hsr
ieee802154
ife
ipv4 net: ip: always refragment ip defragmented packets 2021-01-07 14:42:36 -08:00
ipv6 net: ipv6: fib: flush exceptions when purging route 2021-01-07 12:03:16 -08:00
iucv
kcm
key
l2tp
l3mdev
lapb net: lapb: Decrease the refcount of "struct lapb_cb" in lapb_device_event 2021-01-04 13:42:41 -08:00
llc
mac80211
mac802154
mpls
mptcp net: mptcp: cap forward allocation to 1M 2020-12-28 13:53:57 -08:00
ncsi net/ncsi: Use real net-device for response handler 2020-12-23 12:22:23 -08:00
netfilter netfilter: nftables: add set expression flags 2020-12-28 10:50:26 +01:00
netlabel
netlink
netrom
nfc
nsh
openvswitch net: openvswitch: fix TTL decrement exception action execution 2020-12-14 17:18:25 -08:00
packet net: af_packet: fix procfs header for 64-bit pointers 2020-12-18 12:17:23 -08:00
phonet
psample
qrtr net: qrtr: fix null-ptr-deref in qrtr_ns_remove 2021-01-05 16:50:09 -08:00
rds
rfkill
rose
rxrpc
sched net: sched: prevent invalid Scell_log shift count 2020-12-28 14:52:54 -08:00
sctp
smc net/smc: fix access to parent of an ib device 2020-12-16 13:33:47 -08:00
strparser
sunrpc NFS client updates for Linux 5.11 2020-12-17 12:15:03 -08:00
switchdev
tipc tipc: do sanity check payload of a netlink message 2020-12-16 12:45:02 -08:00
tls net: fix proc_fs init handling in af_packet and tls 2020-12-14 19:39:30 -08:00
unix
vmw_vsock af_vsock: Assign the vsock transport considering the vsock address flags 2020-12-14 19:33:39 -08:00
wireless cfg80211: select CONFIG_CRC32 2021-01-05 15:50:36 -08:00
x25
xdp xsk: Rollback reservation at NETDEV_TX_BUSY 2020-12-18 16:10:21 +01:00
xfrm selinux/stable-5.11 PR 20201214 2020-12-16 11:01:04 -08:00
compat.c
devres.c
Kconfig
Makefile
socket.c for-5.11/io_uring-2020-12-14 2020-12-16 12:44:05 -08:00
sysctl_net.c