Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1005319imu; Sat, 15 Dec 2018 11:55:50 -0800 (PST) X-Google-Smtp-Source: AFSGD/VMROLK+2P6bFwJOw/ix04k7UUjxXaOXHWvfmdI9qOQCvBhmq7qFCsPE16kmmbC/2aGl161 X-Received: by 2002:a63:20e:: with SMTP id 14mr7040353pgc.161.1544903750776; Sat, 15 Dec 2018 11:55:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544903750; cv=none; d=google.com; s=arc-20160816; b=B4/GYpc2av9IqujaqRFoSv3Jyif3YaKxmN38oTGw2ZlcHvSNbd3h+qax/MMUuzxG/g JBEfpNwOANh/cH781IONoWqc+s+YEmrBunkvod2Je1Ra/fjN7r4jcBp9eVMWgOK31dxY diQ7YfJ7FnOIhO0YK9Md+rnnaS61UklD16Y2uyLnwNsHyR6C1pwz2x6fOe6IWuwBxgM/ T72bjyaOX3VFA8XQNsS4sppn3OG0Ju8Tif8GZR+Z4VY/NRJF1hl/jQVP+mIu+gLCvpkx xoQwrXLlN+n/IXSWQwOcLm2tio5PJFkiSg5tN62oF9aY+gfRyutXKP+Iss7Jz3nMu5NT CovQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:cc:to:message-id:date; bh=gyr99zk0J09fvCYV9UPptRQP8vBKudDX9sFyHMSvL1M=; b=K/NJFwnx+YeO+yzRIfdc4O3QVsZQqrObXsS/UOMOVR1e+MdGpS6OXH+SwcsxE/polx 907YzVDJ+jLayqfh6nHDjeSSEz2iL+n+DbZ+uZJ1PbJz62S2w6OcxWOQGy+naMjUpZDW K2F+l3UdsXdGle0nQnM3lG1va/V7YClYkGeRAa5B0EEVZkiqFFSbFJ3/s7aiUuh5Sg+t UyHtsfOsM2Hq+GN2nWeT8nNYOAJymtwASoEnJ/gyveV1URV9R0C51jMHzYaTOavw2s/j W7D8LiOhdqkBJgk5VDeC6HxeqsPHT0qYhSEfggBOpyeHbW+2gt4uhjL5Z2IjQ4KZ8RQw SbeQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f127si6971338pfc.69.2018.12.15.11.55.35; Sat, 15 Dec 2018 11:55:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729549AbeLOTyp (ORCPT + 99 others); Sat, 15 Dec 2018 14:54:45 -0500 Received: from shards.monkeyblade.net ([23.128.96.9]:54418 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727229AbeLOTyo (ORCPT ); Sat, 15 Dec 2018 14:54:44 -0500 Received: from localhost (unknown [IPv6:2601:601:9f80:35cd::cf9]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: davem-davemloft) by shards.monkeyblade.net (Postfix) with ESMTPSA id 01FA514E8C6E7; Sat, 15 Dec 2018 11:54:43 -0800 (PST) Date: Sat, 15 Dec 2018 11:54:43 -0800 (PST) Message-Id: <20181215.115443.1744275952795502150.davem@davemloft.net> To: mkubecek@suse.cz Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, posk@google.com, eric.dumazet@gmail.com, gfigueira@suse.com Subject: Re: [PATCH net v2] net: ipv4: do not handle duplicate fragments as overlapping From: David Miller In-Reply-To: <20181213162332.E426FE1116@unicorn.suse.cz> References: <20181213162332.E426FE1116@unicorn.suse.cz> X-Mailer: Mew version 6.8 on Emacs 26.1 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Sat, 15 Dec 2018 11:54:44 -0800 (PST) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Michal Kubecek Date: Thu, 13 Dec 2018 17:23:32 +0100 (CET) > Since commit 7969e5c40dfd ("ip: discard IPv4 datagrams with overlapping > segments.") IPv4 reassembly code drops the whole queue whenever an > overlapping fragment is received. However, the test is written in a way > which detects duplicate fragments as overlapping so that in environments > with many duplicate packets, fragmented packets may be undeliverable. > > Add an extra test and for (potentially) duplicate fragment, only drop the > new fragment rather than the whole queue. Only starting offset and length > are checked, not the contents of the fragments as that would be too > expensive. For similar reason, linear list ("run") of a rbtree node is not > iterated, we only check if the new fragment is a subset of the interval > covered by existing consecutive fragments. > > Fixes: 7969e5c40dfd ("ip: discard IPv4 datagrams with overlapping segments.") > Signed-off-by: Michal Kubecek > > v2: instead of an exact check iterating through linear list of an rbtree > node, only check if the new fragment is subset of the "run" (suggested > by Eric Dumazet) Applied and queued up for -stable, thank you.