svn commit: r352868 - in head/sys/netinet: . tcp_stacks

Michael Tuexen tuexen at freebsd.org
Mon Sep 30 16:19:07 UTC 2019


> On 30. Sep 2019, at 16:21, Slawa Olhovchenkov <slw at zxy.spb.ru> wrote:
> 
> On Sun, Sep 29, 2019 at 10:45:13AM +0000, Michael Tuexen wrote:
> 
>> Author: tuexen
>> Date: Sun Sep 29 10:45:13 2019
>> New Revision: 352868
>> URL: https://svnweb.freebsd.org/changeset/base/352868
>> 
>> Log:
>>  RFC 7112 requires a host to put the complete IP header chain
>>  including the TCP header in the first IP packet.
>>  Enforce this in tcp_output(). In addition make sure that at least
>>  one byte payload fits in the TCP segment to allow making progress.
>>  Without this check, a kernel with INVARIANTS will panic.
>>  This issue was found by running an instance of syzkaller.
> 
> How is this possible?
> Hosts are required to handle packets up to 576 bytes; how can IP and TCP
> options exhaust this size?
You are thinking about IPv4. There you have small limits. But in the
IPv6 case, you can have header chains longer than, for example, 1500 bytes.
And you can trigger these using the socket API. That is how syzkaller
found this issue.

Best regards
Michael
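
An added example, not part of the original message and not the FreeBSD code: a small C walker for the IPv6 header chain that checks the RFC 7112 condition (whole chain through the TCP header in the first packet) and the "at least one payload byte" condition from the commit log. The function names and the constructed sample packet are assumptions made for illustration; a single Destination Options header with Hdr Ext Len 255 is already 2048 bytes, which is how a chain can exceed 1500 bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { NH_HOPOPTS = 0, NH_TCP = 6, NH_ROUTING = 43, NH_DSTOPTS = 60 };

/* Walk the IPv6 header chain in the first `len` bytes of a packet.
 * Returns the offset just past the TCP header, or -1 when the chain
 * (through the TCP header) is not fully contained in those bytes. */
long ipv6_tcp_chain_len(const uint8_t *pkt, size_t len)
{
    if (len < 40 || (pkt[0] >> 4) != 6)
        return -1;
    uint8_t nh = pkt[6];                /* Next Header of the fixed header */
    size_t off = 40;
    while (nh == NH_HOPOPTS || nh == NH_ROUTING || nh == NH_DSTOPTS) {
        if (off + 2 > len)
            return -1;
        size_t hlen = ((size_t)pkt[off + 1] + 1) * 8;  /* Hdr Ext Len, 8-byte units */
        if (off + hlen > len)
            return -1;
        nh = pkt[off];
        off += hlen;
    }
    if (nh != NH_TCP || off + 20 > len)
        return -1;
    size_t thl = (size_t)(pkt[off + 12] >> 4) * 4;     /* TCP data offset */
    if (thl < 20 || off + thl > len)
        return -1;
    return (long)(off + thl);
}

/* Sender-side view: the chain plus at least one payload byte must fit. */
int tcp_can_make_progress(long chain_len, size_t mtu)
{
    return chain_len > 0 && (size_t)chain_len + 1 <= mtu;
}

/* Constructed sample: IPv6 + one Destination Options header + 20-byte TCP
 * header; the options area is Pad1 (0x00) bytes. */
size_t build_sample(uint8_t *buf, uint8_t ext_len_field)
{
    size_t ext = ((size_t)ext_len_field + 1) * 8;
    memset(buf, 0, 40 + ext + 20);
    buf[0] = 0x60;                      /* version 6 */
    buf[6] = NH_DSTOPTS;
    buf[40] = NH_TCP;
    buf[41] = ext_len_field;
    buf[40 + ext + 12] = 5 << 4;        /* TCP header of 5 words, no options */
    return 40 + ext + 20;
}
```

With `ext_len_field` set to 255 the chain is 2108 bytes, so a 1500-byte first packet cannot hold it; with 0 it is 68 bytes and fits easily.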


