Bug 151044 - Kernel crashes when generating ICMP Frag Needed if the packet is denied by the IPSEC SPD
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 3
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Dave Jones
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2005-03-14 12:27 UTC by Steve Hill
Modified: 2015-01-04 22:17 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-10-03 00:23:55 UTC
Type: ---
Embargoed:


Attachments
Patch to resolve the bug (1.05 KB, patch)
2005-03-14 12:30 UTC, Steve Hill

Description Steve Hill 2005-03-14 12:27:11 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0

Description of problem:
When sending a packet through IPSEC, the packet obviously grows as it is encrypted.  If the encrypted packet exceeds the MTU and has the DF flag set, the kernel generates an ICMP Frag Needed.  If that frag needed packet is denied by the SPD then the kernel locks up hard.  Admittedly, the policies are in error in this case and the network wouldn't work properly.  However, it shouldn't cause the kernel to lock up.  I have discussed this on the NetDev mailing list and Herbert Xu has written a patch (attached) which I have confirmed corrects the problem.

Version-Release number of selected component (if applicable):
kernel-2.6.10-1.770

How reproducible:
Always

Steps to Reproduce:
1. Set SPD policies which deny a locally generated packet
2. Send a near-MTU sized packet through IPSEC
  

Actual Results:  The packet exceeds MTU size when encrypted, the kernel generates a frag needed response but this gets caught by the policy (correctly).  However, this results in a hard lockup of the kernel.

Expected Results:  Frag needed packet should be dropped cleanly.

Additional info:

Discussed on the NetDev mailing list here: http://oss.sgi.com/projects/netdev/archive/2005-03/msg00790.html
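
A toy model of the output path described in this report, added here as an illustration (it is not code from the report, the attached patch, or the kernel). It shows why the ICMP Frag Needed is itself subject to the SPD and what the expected clean drop looks like; the addresses, the 60-byte overhead, the policy lists and all function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

ICMP, ANY = 1, None      # IP protocol number for ICMP; None is a wildcard
OVERHEAD = 60            # assumed encapsulation overhead in bytes (constructed)

@dataclass
class Policy:            # one simplified outbound SPD entry
    src: str
    dst: str
    proto: object        # protocol number or ANY
    action: str          # "ipsec", "none" (bypass) or "discard"

def spd_lookup(spd, src, dst, proto):
    """First matching entry wins; no match means bypass in this model."""
    for p in spd:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(p.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(p.dst)
                and p.proto in (ANY, proto)):
            return p.action
    return "none"

def output(spd, local_ip, src, dst, proto, length, df, mtu=1500):
    """Events for one packet leaving `local_ip` over a link with `mtu`."""
    action = spd_lookup(spd, src, dst, proto)
    if action == "discard":
        return ["drop: denied by policy"]
    size = length + (OVERHEAD if action == "ipsec" else 0)
    if size <= mtu:
        return ["send"]
    if not df:
        return ["fragment and send"]
    # Too big with DF set: an ICMP Frag Needed is generated for the sender.
    events = ["icmp frag-needed generated"]
    # The ICMP is locally generated too, so it gets its own SPD check.
    if spd_lookup(spd, local_ip, src, ICMP) == "discard":
        events.append("drop: icmp denied by policy")
    else:
        events.append("icmp sent")
    return events

# Constructed policies: tunnel 10.0.1.0/24 -> 10.0.2.0/24, then an ICMP rule.
TUNNEL = Policy("10.0.1.0/24", "10.0.2.0/24", ANY, "ipsec")
DENY_ICMP = [TUNNEL, Policy("0.0.0.0/0", "0.0.0.0/0", ICMP, "discard")]
ALLOW_ICMP = [TUNNEL, Policy("0.0.0.0/0", "0.0.0.0/0", ICMP, "none")]

if __name__ == "__main__":
    for spd in (DENY_ICMP, ALLOW_ICMP):
        print(output(spd, "10.0.1.1", "10.0.1.5", "10.0.2.9", 6, 1480, True))
```
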

Comment 1 Steve Hill 2005-03-14 12:30:12 UTC
Created attachment 111975
Patch to resolve the bug

This patch was written and signed off by Herbert Xu (NetDev mailing list)

Comment 2 Dave Jones 2005-07-15 19:41:40 UTC
An update has been released for Fedora Core 3 (kernel-2.6.12-1.1372_FC3) which
may contain a fix for your problem.   Please update to this new kernel, and
report whether or not it fixes your problem.

If you have updated to Fedora Core 4 since this bug was opened, and the problem
still occurs with the latest updates for that release, please change the version
field of this bug to 'fc4'.

Thank you.

Comment 3 Dave Jones 2005-10-03 00:23:55 UTC
This bug has been automatically closed as part of a mass update.
It had been in NEEDINFO state since July 2005.
If this bug still exists in current errata kernels, please reopen this bug.

There are a large number of inactive bugs in the database, and this is the only
way to purge them.

Thank you.

