diff options
author | Eric Dumazet <edumazet@google.com> | 2014-05-29 08:45:14 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-06-02 14:09:28 -0700 |
commit | 39c36094d78c39e038c1e499b2364e13bce36f54 (patch) | |
tree | fac76f2e1c8968c74556cc68c1920da58c6bf3dd /net | |
parent | fc0d6e9cd0aefbe5de5ebafb1805f2c59539725b (diff) | |
download | linux-39c36094d78c39e038c1e499b2364e13bce36f54.tar.gz linux-39c36094d78c39e038c1e499b2364e13bce36f54.tar.bz2 linux-39c36094d78c39e038c1e499b2364e13bce36f54.zip |
net: fix inet_getid() and ipv6_select_ident() bugs
I noticed we were sending wrong IPv4 ID in TCP flows when MTU discovery
is disabled.
Note how GSO/TSO packets do not have monotonically incrementing ID.
06:37:41.575531 IP (id 14227, proto: TCP (6), length: 4396)
06:37:41.575534 IP (id 14272, proto: TCP (6), length: 65212)
06:37:41.575544 IP (id 14312, proto: TCP (6), length: 57972)
06:37:41.575678 IP (id 14317, proto: TCP (6), length: 7292)
06:37:41.575683 IP (id 14361, proto: TCP (6), length: 63764)
It appears I introduced this bug in linux-3.1.
inet_getid() must return the old value of peer->ip_id_count,
not the new one.
Lets revert this part, and remove the prevention of
a null identification field in IPv6 Fragment Extension Header,
which is dubious and not even done properly.
Fixes: 87c48fa3b463 ("ipv6: make fragment identifications less predictable")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv6/output_core.c | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c index 6313abd53c9d..56596ce390a1 100644 --- a/net/ipv6/output_core.c +++ b/net/ipv6/output_core.c @@ -12,7 +12,7 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) { static atomic_t ipv6_fragmentation_id; struct in6_addr addr; - int old, new; + int ident; #if IS_ENABLED(CONFIG_IPV6) struct inet_peer *peer; @@ -26,15 +26,10 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) return; } #endif - do { - old = atomic_read(&ipv6_fragmentation_id); - new = old + 1; - if (!new) - new = 1; - } while (atomic_cmpxchg(&ipv6_fragmentation_id, old, new) != old); + ident = atomic_inc_return(&ipv6_fragmentation_id); addr = rt->rt6i_dst.addr; - addr.s6_addr32[0] ^= (__force __be32)new; + addr.s6_addr32[0] ^= (__force __be32)ident; fhdr->identification = htonl(secure_ipv6_id(addr.s6_addr32)); } EXPORT_SYMBOL(ipv6_select_ident); |