Message ID | 200909031925.54197.cratiu@ixiacom.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: Cosmin Ratiu <cratiu@ixiacom.com> Date: Thu, 3 Sep 2009 19:25:53 +0300 > Hello, > > Here is a patch which fixes an issue observed when using TCP over IPv6 and AH > from IPsec. > > When a connection gets closed the 4-way method and the last ACK from the > server gets dropped, the subsequent FINs from the client do not get ACKed > because tcp_v6_send_response does not set the transport header pointer. This > causes ah6_output to try to allocate a lot of memory, which typically fails, > so the ACKs never make it out of the stack. > > I have reproduced the problem on kernel 2.6.7, but after looking at the latest > kernel it seems the problem is still there. > > Signed-off-by: Cosmin Ratiu <cratiu@ixiacom.com> Great catch. IPV4 handles this transparently via ip_append_data() which is what it uses to send these kinds of frames. IPV6 does this stuff by hand. Applied to net-next-2.6, thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index d849dd5..776e911 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1003,6 +1003,7 @@ static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win, skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); t1 = (struct tcphdr *) skb_push(buff, tot_len); + skb_reset_transport_header(skb); /* Swap the send and the receive. */ memset(t1, 0, sizeof(*t1));
Hello, Here is a patch which fixes an issue observed when using TCP over IPv6 and AH from IPsec. When a connection gets closed the 4-way method and the last ACK from the server gets dropped, the subsequent FINs from the client do not get ACKed because tcp_v6_send_response does not set the transport header pointer. This causes ah6_output to try to allocate a lot of memory, which typically fails, so the ACKs never make it out of the stack. I have reproduced the problem on kernel 2.6.7, but after looking at the latest kernel it seems the problem is still there. Cosmin. Signed-off-by: Cosmin Ratiu <cratiu@ixiacom.com> --- net/ipv6/tcp_ipv6.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-)