From: "Tero Kauppinen (JO/LMF)" <tero.kauppinen@ericsson.com>
To: Ville Nuorvala <vnuorval@tcs.hut.fi>
Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>,
davem@davemloft.net, netdev@vger.kernel.org
Subject: Re: [PATCH 6/6] IPv6: Fix infinite loop if no matching IPv6 tunnel found
Date: Fri, 03 Nov 2006 12:26:45 +0200 [thread overview]
Message-ID: <454B1965.5080005@ericsson.com> (raw)
In-Reply-To: <454B0724.1070609@tcs.hut.fi>
Ville Nuorvala wrote:
> YOSHIFUJI Hideaki wrote:
>> In article <4549EFA7.50004@tcs.hut.fi> (at Thu, 02 Nov 2006 15:16:23 +0200), Ville Nuorvala <vnuorval@tcs.hut.fi> says:
>>
>>> On 11/02/06 14:59, YOSHIFUJI Hideaki wrote:
>>>> In article <4549D8E7.1040409@tcs.hut.fi> (at Thu, 02 Nov 2006 13:39:19 +0200), Ville Nuorvala <vnuorval@tcs.hut.fi> says:
>>>>
>>>>> read_unlock(&ip6ip6_lock);
>>>>> - return 1;
>>>>> -
>>>>> + icmpv6_send(skb, ICMPV6_DEST_UNREACH,
>>>>> + ICMPV6_ADDR_UNREACH, 0, skb->dev);
>>>>> discard:
>>>> I'd argue this. We probably should not send back any ICMPv6 packets
>>>> to the original sender in this case to avoid DoS.
>>> Sorry, I don't follow you. I don't see the DoS scenario here (after we
>>> apply the patch, that is ;-).
>> Well, leaving aside whether sending icmpv6 is good thing (*),
>> the code for sending icmpv6 was moved from ip6_tunnel.c
>> to tunnel6.c by commit-id 50fba2aa7cefa6b0e1768cb350c9e69042320c03
>> by Herbert.
>>
>> The ip6_tunnel.c change that Herbert made does not seem consistent
>> with ipip.c change. To fix your issue the appropriate change is just
>> fall through to discard section, as we're doing for ipip.c.
>
> Ah, I hadn't noticed Herbert's patch. It actually appears to fix the
> problem I was trying to fix here. AFAIK Tero experienced the infinite
> loop on a 2.6.16 kernel.
Correct, it was a 2.6.16.29 kernel patched with MIPL 2.0.2. The problem
was obviously not whether an ICMP error was sent or not but that a wrong
return value was used. However, if that's then already fixed in newer
kernels where MIPL is included in the source tree, we all can be happy
again. :)
--
Tero
prev parent reply other threads:[~2006-11-03 10:26 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-02 11:39 [PATCH 6/6] IPv6: Fix infinite loop if no matching IPv6 tunnel found Ville Nuorvala
2006-11-02 12:59 ` YOSHIFUJI Hideaki / 吉藤英明
[not found] ` <4549EFA7.50004@tcs.hut.fi>
2006-11-02 14:18 ` YOSHIFUJI Hideaki / 吉藤英明
2006-11-02 14:22 ` Ville Nuorvala
2006-11-14 0:57 ` David Miller
2006-11-14 13:16 ` Ville Nuorvala
2006-11-25 1:12 ` David Miller
2006-11-03 9:08 ` Ville Nuorvala
2006-11-03 10:26 ` Tero Kauppinen (JO/LMF) [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=454B1965.5080005@ericsson.com \
--to=tero.kauppinen@ericsson.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=vnuorval@tcs.hut.fi \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.