• Eric Dumazet's avatar
    net: fix inet_getid() and ipv6_select_ident() bugs · 0a4474aa
    Eric Dumazet authored
    [ Upstream commit 39c36094 ]
    
    I noticed we were sending wrong IPv4 ID in TCP flows when MTU discovery
    is disabled.
    Note how GSO/TSO packets do not have monotonically incrementing ID.
    
    06:37:41.575531 IP (id 14227, proto: TCP (6), length: 4396)
    06:37:41.575534 IP (id 14272, proto: TCP (6), length: 65212)
    06:37:41.575544 IP (id 14312, proto: TCP (6), length: 57972)
    06:37:41.575678 IP (id 14317, proto: TCP (6), length: 7292)
    06:37:41.575683 IP (id 14361, proto: TCP (6), length: 63764)
    
    It appears I introduced this bug in linux-3.1.
    
    inet_getid() must return the old value of peer->ip_id_count,
    not the new one.
    
    Lets revert this part, and remove the prevention of
    a null identification field in IPv6 Fragment Extension Header,
    which is dubious and not even done properly.
    
    Fixes: 87c48fa3 ("ipv6: make fragment identifications less predictable")
    Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    0a4474aa
ip6_output.c 42 KB