st fragment not including all
headers")
Reported-by: Randy Dunlap
Reported-by: kernel test robot
Signed-off-by: Georg Kohmann
---
Notes:
v2: Add Fixes tag and fix spelling in comment.
include/net/ipv6.h | 2 --
include/net/ipv6_frag.h | 30 +
robot
Signed-off-by: Georg Kohmann
---
include/net/ipv6.h | 2 --
include/net/ipv6_frag.h | 30 ++
net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +-
net/ipv6/reassembly.c | 31 +--
On 18.11.2020 19:16, Pablo Neira Ayuso wrote:
> Hi,
>
> On Wed, Nov 11, 2020 at 12:50:25PM +0100, Georg Kohmann wrote:
> [...]
>> diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
>> index c8cf1bb..e3869ba 100644
>> --- a/net/ipv6/reassembly.c
>> +++ b
n't include all headers")
Signed-off-by: Georg Kohmann
---
Notes:
v2: Wrap fragment validation code into exthdrs_code.c for use by both ipv6
and
netfiter.
v3: Remove unused variable frag_off from ipv6_frag_rcv().
v4:
a) Rename ipv6_frag_validate() to ipv6_fra
On 09.11.2020 21:50, Jakub Kicinski wrote:
> On Mon, 9 Nov 2020 12:52:49 +0100 Georg Kohmann wrote:
>> Packets are processed even though the first fragment don't include all
>> headers through the upper layer header. This breaks TAHI IPv6 Core
>> Conformance Test v6LC
eue() returns -EPROTO. The Fragment will later be picked up
by ipv6_frag_rcv() in reassembly.c. ipv6_frag_rcv() will then send an
appropriate ICMP Parameter Problem message back to the source.
References commit 2efdaaaf883a ("IPv6: reply ICMP error if the first
fragment don't inclu
On 06.11.2020 17:58, Jakub Kicinski wrote:
> On Fri, 6 Nov 2020 14:08:03 +0100 Georg Kohmann wrote:
>> diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
>> index c8cf1bb..e6173f5 100644
>> --- a/net/ipv6/reassembly.c
>> +++ b/net/ipv6/reassembly.c
>&g
-EPROTO. The Fragment will later be picked up by ipv6_frag_rcv() in
reassembly.c. ipv6_frag_rcv() will then send an appropriate ICMP Parameter
Problem message back to the source.
References commit 2efdaaaf883a ("IPv6: reply ICMP error if the first
fragment don't include all headers"
On 04.11.2020 14:41, Pablo Neira Ayuso wrote:
> Hi,
>
> On Wed, Nov 04, 2020 at 02:01:28PM +0100, Georg Kohmann wrote:
>> Packets are processed even though the first fragment don't include all
>> headers through the upper layer header. This breaks TAHI IPv6 Core
>
iate ICMP Parameter
Problem message back to the source.
References commit 2efdaaaf883a ("IPv6: reply ICMP error if the first
fragment don't include all headers")
Signed-off-by: Georg Kohmann
---
net/ipv6/netfilter/nf_conntrack_reasm.c | 28 +++-
1 file chan
On 30.10.2020 16:31, Willem de Bruijn wrote:
> On Tue, Oct 27, 2020 at 5:57 AM Hangbin Liu wrote:
>> On Tue, Oct 27, 2020 at 07:57:06AM +0000, Georg Kohmann (geokohma) wrote:
>>>> + /* RFC 8200, Section 4.5 Fragment Header:
>>>> +* If the first fragment doe
On 27.10.2020 10:57, Hangbin Liu wrote:
> On Tue, Oct 27, 2020 at 07:57:06AM +0000, Georg Kohmann (geokohma) wrote:
>>> + /* RFC 8200, Section 4.5 Fragment Header:
>>> +* If the first fragment does not include all headers through an
>>> +* Upper-Layer header
On 27.10.2020 03:28, Hangbin Liu wrote:
> Based on RFC 8200, Section 4.5 Fragment Header:
>
> - If the first fragment does not include all headers through an
> Upper-Layer header, then that fragment should be discarded and
> an ICMP Parameter Problem, Code 3, message should be sent to
On 26.10.2020 13:55, Hangbin Liu wrote:
> On Mon, Oct 26, 2020 at 08:09:21AM +0000, Georg Kohmann (geokohma) wrote:
>>> + nexthdr = hdr->nexthdr;
>>> + offset = ipv6_skip_exthdr(skb, skb_transport_offset(skb), &nexthdr,
>>> &frag_off);
>>>
On 26.10.2020 08:29, Hangbin Liu wrote:
> Based on RFC 8200, Section 4.5 Fragment Header:
>
> - If the first fragment does not include all headers through an
> Upper-Layer header, then that fragment should be discarded and
> an ICMP Parameter Problem, Code 3, message should be sent to
drop fragmented ndisc packets by
default (RFC 6980)")
Signed-off-by: Georg Kohmann
---
V2: Fix spelling of IPSKB_FRAGMENTED to IP6SKB_FRAGMENTED in comment
net/ipv6/netfilter/nf_conntrack_reasm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c
On 12.10.2020 14:56, Pablo Neira Ayuso wrote:
> Please, Cc: netfilter-de...@vger.kernel.org for your netfilter
> patches, so patchwork can catch it there too next time.
Thank you, I will next time.
>
> On Mon, Oct 12, 2020 at 02:53:47PM +0200, Georg Kohmann wrote:
>> Fragme
drop fragmented ndisc packets by
default (RFC 6980)")
Signed-off-by: Georg Kohmann
---
net/ipv6/netfilter/nf_conntrack_reasm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c
b/net/ipv6/netfilter/nf_conntrack_reasm.c
index fed9666..054d287 100644
TU is less than the minimum link MTU.
Signed-off-by: Georg Kohmann
---
net/ipv6/route.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index fb075d9..27430d6 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2745,7 +2745,8 @@ s
commit 70b095c84326 ("ipv6: remove dependency of nf_defrag_ipv6 on ipv6
module")
From: Florian Westphal
IPV6=m
DEFRAG_IPV6=m
CONNTRACK=y yields:
net/netfilter/nf_conntrack_proto.o: In function `nf_ct_netns_do_get':
net/netfilter/nf_conntrack_proto.c:802: undefined reference to
`nf_defrag_ipv6_e
commit 997dd9647164 ("net: IP6 defrag: use rbtrees in
nf_conntrack_reasm.c")
Currently, IPv6 defragmentation code drops non-last fragments that
are smaller than 1280 bytes: see
commit 0ed4229b08c1 ("ipv6: defrag: drop non-last frags smaller than min mtu")
This behavior is not specified in IPv6 RF
commit d65bc9545fd3 ("netfilter: ipv6: nf_defrag: Pass on packets to stack
per RFC2460")
Author: Subash Abhinov Kasiviswanathan
Date: Fri Jan 12 17:36:27 2018 -0700
[ Upstream commit 83f1999caeb14e15df205e80d210699951733287 ]
ipv6_defrag pulls network headers before fragment header. In case of
commit c23f35d19db3 ("net: IP defrag: encapsulate rbtree defrag code into
callable functions")
This is a refactoring patch: without changing runtime behavior,
it moves rbtree-related code from IPv4-specific files/functions
into .h/.c defrag files shared with IPv6 defragmentation code.
Signed-off-
commit e97ac12859db ("netfilter: ipv6: nf_defrag: fix NULL deref panic")
Author: Florian Westphal
Date: Tue Dec 8 23:35:19 2015 +0100
Valdis reports NULL deref in nf_ct_frag6_gather.
Problem is bogus use of skb_queue_walk() -- we miss first skb in the list
since we start with head->next instead
commit d4289fcc9b16 ("net: IP6 defrag: use rbtrees for IPv6 defrag")
Currently, IPv6 defragmentation code drops non-last fragments that
are smaller than 1280 bytes: see
commit 0ed4229b08c1 ("ipv6: defrag: drop non-last frags smaller than min mtu")
This behavior is not specified in IPv6 RFCs and a
commit 415787d7799f ("ipv6: frags: fix a lockdep false positive")
From: Eric Dumazet
lockdep does not know that the locks used by IPv4 defrag
and IPv6 reassembly units are of different classes.
It complains because of following chains :
1) sch_direct_xmit()(lock txq->_xmit_lock)
de
commit 029f7f3b8701 ("netfilter: ipv6: nf_defrag: avoid/free clone
operations")
Author: Florian Westphal
Date: Wed Nov 18 23:32:39 2015 +0100
commit 6aafeef03b9d9ecf
("netfilter: push reasm skb through instead of original frag skbs")
changed ipv6 defrag to not use the original skbs anymore.
So
commit daaa7d647f81 ("netfilter: ipv6: avoid nf_iterate recursion")
Author: Florian Westphal
Date: Wed Nov 18 23:32:40 2015 +0100
The previous patch changed nf_ct_frag6_gather() to morph reassembled skb
with the previous one.
This means that the return value is always NULL or the skb argument.
commit b678aa578c9e ("ipv6: do not increment mac header when it's unset")
Author: Jason A. Donenfeld
Date: Fri Oct 21 18:28:25 2016 +0900
Otherwise we'll overflow the integer. This occurs when layer 3 tunneled
packets are handed off to the IPv6 layer.
Signed-off-by: Jason A. Donenfeld
Signed-
This is a backport of a 5.1rc patchset:
https://patchwork.ozlabs.org/cover/1029418/
Which was backported into 4.19:
https://patchwork.ozlabs.org/cover/1081619/
and into 4.14:
https://patchwork.ozlabs.org/cover/1089651/
and into 4.9:
https://www.spinics.net/lists/netdev/msg567087.html
T
tination can to appear to be directly
connected but is in fact more than one hop away."
Using the interface index from the incoming ICMPV6_PKT_TOOBIG when updating
the pmtu.
Signed-off-by: Georg Kohmann
---
net/ipv6/icmp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/n
destination can to appear to be directly connected but
is in fact more than one hop away."
Using the interface index from the incoming ICMPV6_PKT_TOOBIG when
updating the pmtu.
Signed-off-by: Georg Kohmann
---
net/ipv6/icmp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
d
32 matches
Mail list logo
