On Wed, Feb 24, 2016 at 09:37:39PM +0000, Mark McKinstry wrote: > On 19/02/16 01:19, Steffen Klassert wrote: > > On Thu, Feb 18, 2016 at 01:40:00AM +0000, Mark McKinstry wrote: > >> This patch fixes our issue, thanks. In our scenario the tunnel path MTU > >> now gets updated so that subsequent large packets sent over the tunnel > >> get fragmented correctly. > > I've applied this patch to the ipsec tree now. > > Thanks for testing! > I spoke too soon. Upon further testing with this patch we have found it > causes > a skt buffer leak. This is problematic for us and can cause memory > exhaustion in > one of our test scenarios that has an IPv4 IPsec tunnel over a PPP link. > Also > the patch's -EMSGSIZE return value appears to be invalid because vti_xmit() > should be returning a type netdev_tx_t (NETDEV_TX_OK etc). It looks to > me that > this patch should really be doing a goto tx_error rather than doing an early > return with -EMSGSIZE. This would result in the skt buffer being freed, > NETDEV_TX_OK being returned (thus indicating vti_xmit() "took care of > packet"), > and the tx_errors counter being incremented (which seems like a reasonable > thing to do). Yes, you are right here. > > I think the original IPv6 patch probably has the same issues, and could be > causing a DOS attack vulnerability in recent Linux releases. We need to fix both, ipv4 and ipv6. I'll care for it, thanks for the report. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html