Re: [PATCH] Fix corrupt TCP packets when options space overflows with MD5SIG enabled

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: Ben Hutchings <bhutchings@solarflare•com>
To: Adam Langley <agl@imperialviolet•org>
Cc: davem@davemloft•net, netdev@vger•kernel.org
Subject: Re: [PATCH] Fix corrupt TCP packets when options space overflows with MD5SIG enabled
Date: Fri, 30 May 2008 20:02:20 +0100	[thread overview]
Message-ID: <20080530190218.GD1743@solarflare.com> (raw)
In-Reply-To: <396556a20805301140x586093e5o92d44e38f7c2869a@mail.gmail.com>

Adam Langley wrote:
> When MD5 signatures are turned on we can end up with syntactically invalid
> packets with a header length < 20 bytes. This is because tcp_header_size
> overflows with 12 bytes of timestamp, 20 bytes of signature and > 8 bytes of
> SACK option.
[...]
> @@ -519,12 +529,23 @@ static int tcp_transmit_skb(struct sock *sk,
> struct sk_buff *skb, int clone_it,
>                         tcp_header_size += TCPOLEN_WSCALE_ALIGNED;
>                         sysctl_flags |= SYSCTL_FLAG_WSCALE;
>                 }
> -               if (sysctl_tcp_sack) {
> +               if (sysctl_tcp_sack
> +#ifdef CONFIG_TCP_MD5SIG
> +                   /* We don't include SACK options if we are going to
> +                    * include an MD5 signature because they can't fit
> +                    * in the options space */
> +                   && !md5
> +#endif

Putting an #ifdef..#endif in the middle of an if () is a bit nasty.  Why not
define md5 and set it to 0 if CONFIG_TCP_MD5SIG is not set?  The compiler
should be able to optimise it away if it's always initialised to 0.

Ben.

-- 
Ben Hutchings, Senior Software Engineer, Solarflare Communications
Not speaking for my employer; that's the marketing department's job.

next prev parent reply	other threads:[~2008-05-30 19:03 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-05-30 18:40 [PATCH] Fix corrupt TCP packets when options space overflows with MD5SIG enabled Adam Langley
2008-05-30 19:02 ` Ben Hutchings [this message]
2008-05-30 19:11   ` Adam Langley
2008-05-30 19:17     ` Adam Langley
2008-05-30 20:32       ` Stephen Hemminger
2008-05-31 22:01         ` Adam Langley
2008-05-31 21:57 ` Adam Langley
2008-06-01 23:40   ` James Morris
2008-06-02  6:56     ` David Miller
2008-06-03 16:31     ` Adam Langley
2008-06-03 16:44       ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080530190218.GD1743@solarflare.com \
    --to=bhutchings@solarflare$(echo .)com \
    --cc=agl@imperialviolet$(echo .)org \
    --cc=davem@davemloft$(echo .)net \
    --cc=netdev@vger$(echo .)kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox