From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
To: Eric Dumazet <edumazet@google.com>,
"David S. Miller" <davem@davemloft.net>
Cc: linux-kernel <linux-kernel@vger.kernel.org>,
netdev <netdev@vger.kernel.org>,
Yuchung Cheng <ycheng@google.com>,
Jonathan Rajotte-Julien <joraj@efficios.com>
Subject: [regression] TC_MD5SIG on established sockets
Date: Wed, 13 May 2020 15:38:35 -0400 (EDT) [thread overview]
Message-ID: <341326348.19635.1589398715534.JavaMail.zimbra@efficios.com> (raw)
Hi,
I am reporting a regression with respect to use of TCP_MD5SIG/TCP_MD5SIG_EXT
on established sockets. It is observed by a customer.
This issue is introduced by this commit:
commit 721230326891 "tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets"
The intent of this commit appears to be to fix a use of uninitialized value in
tcp_parse_options(). The change introduced by this commit is to disallow setting
the TCP_MD5SIG{,_EXT} socket options on an established socket.
The justification for this change appears in the commit message:
"I believe this was caused by a TCP_MD5SIG being set on live
flow.
This is highly unexpected, since TCP option space is limited.
For instance, presence of TCP MD5 option automatically disables
TCP TimeStamp option at SYN/SYNACK time, which we can not do
once flow has been established.
Really, adding/deleting an MD5 key only makes sense on sockets
in CLOSE or LISTEN state."
However, reading through RFC2385 [1], this justification does not appear
correct. Quoting to the RFC:
"This password never appears in the connection stream, and the actual
form of the password is up to the application. It could even change
during the lifetime of a particular connection so long as this change
was synchronized on both ends"
The paragraph above clearly underlines that changing the MD5 signature of
a live TCP socket is allowed.
I also do not understand why it would be invalid to transition an established
TCP socket from no-MD5 to MD5, or transition from MD5 to no-MD5. Quoting the
RFC:
"The total header size is also an issue. The TCP header specifies
where segment data starts with a 4-bit field which gives the total
size of the header (including options) in 32-byte words. This means
that the total size of the header plus option must be less than or
equal to 60 bytes -- this leaves 40 bytes for options."
The paragraph above seems to be the only indication that some TCP options
cannot be combined on a given TCP socket: if the resulting header size does
not fit. However, I do not see anything in the specification preventing any
of the following use-cases on an established TCP socket:
- Transition from no-MD5 to MD5,
- Transition from MD5 to no-MD5,
- Changing the MD5 key associated with a socket.
As long as the resulting combination of options does not exceed the available
header space.
Can we please fix this KASAN report in a way that does not break user-space
applications expectations about Linux' implementation of RFC2385 ?
Thanks,
Mathieu
[1] RFC2385: https://tools.ietf.org/html/rfc2385
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
next reply other threads:[~2020-05-13 19:38 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-13 19:38 Mathieu Desnoyers [this message]
2020-05-13 19:49 ` [regression] TC_MD5SIG on established sockets Eric Dumazet
2020-05-13 19:56 ` Eric Dumazet
2020-06-29 19:43 ` [regression] TCP_MD5SIG " Mathieu Desnoyers
2020-06-29 20:47 ` Eric Dumazet
2020-06-30 19:43 ` Linus Torvalds
2020-06-30 19:52 ` Linus Torvalds
2020-06-30 20:34 ` Mathieu Desnoyers
2020-06-30 20:39 ` Eric Dumazet
2020-06-30 20:44 ` David Miller
2020-06-30 20:56 ` Eric Dumazet
2020-06-30 21:17 ` Mathieu Desnoyers
2020-06-30 21:23 ` Eric Dumazet
2020-06-30 21:54 ` Eric Dumazet
2020-06-30 22:07 ` Eric Dumazet
2020-06-30 22:38 ` Eric Dumazet
2020-06-30 23:44 ` Mathieu Desnoyers
2020-07-01 0:01 ` Eric Dumazet
2020-07-01 2:02 ` Herbert Xu
2020-07-01 2:17 ` Eric Dumazet
2020-07-01 2:22 ` Herbert Xu
2020-07-01 2:30 ` Eric Dumazet
2020-07-01 2:39 ` Joe Perches
2020-07-01 2:58 ` Herbert Xu
2020-07-01 3:36 ` Eric Dumazet
2020-07-01 3:50 ` Herbert Xu
2020-07-01 12:19 ` Mathieu Desnoyers
2020-07-01 15:15 ` Eric Dumazet
2020-07-01 17:24 ` Eric Dumazet
2020-06-30 20:21 ` David Miller
2020-06-30 20:30 ` Eric Dumazet
2020-06-30 20:39 ` Mathieu Desnoyers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=341326348.19635.1589398715534.JavaMail.zimbra@efficios.com \
--to=mathieu.desnoyers@efficios.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=joraj@efficios.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=ycheng@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.