* [Qemu-devel] [Bug 1758091] [NEW] vmxnet3 unable to send IPv6 ESP packets
@ 2018-03-22 15:48 Thomas Jansen
2020-11-13 16:09 ` [Bug 1758091] " Thomas Huth
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Thomas Jansen @ 2018-03-22 15:48 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
My vmxnet3 network driver (in a closed source custom OS) is unable to
send network packets that are structured as follows: Ethernet-
Header(IPv6-Header(ESP(encrypted data))). I can verify that the packet
is sent in the VM but is dropped in qemu. I first encountered this
problem on qemu 2.10.1 but master is affected as well. After some debug
printing in qemu I could identify the following call chain as being
problematic:
eth_is_ip6_extension_header_type
eth_parse_ipv6_hdr
net_tx_pkt_parse_headers
net_tx_pkt_parse
vmxnet3_process_tx_queue
The problem seems to be the definition of the ESP header
(https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload)
that does not follow the standard IPv6 extension header format starting
with next type and length. Thus the parsed ext_hdr in eth_parse_ipv6_hdr
does not contain valid data, in particular the length will contain bogus
data and lead to a info->full_hdr_len that is larger than the packet
itself and the loop would then try to read beyond the end of the packet.
Using the e1000 driver I can send these packets. My guess is that the
net_tx_pkt_parse function is not called in that case.
My guess for a fix would be to remove "case IP6_ESP:" from
eth_is_ip6_extension_header_type and not regard the ESP header as a IPv6
extension header. In a quick test this seems to fix the problem. But
that should be verified by someone who is familiar with the code.
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1758091
Title:
vmxnet3 unable to send IPv6 ESP packets
Status in QEMU:
New
Bug description:
My vmxnet3 network driver (in a closed source custom OS) is unable to
send network packets that are structured as follows: Ethernet-
Header(IPv6-Header(ESP(encrypted data))). I can verify that the packet
is sent in the VM but is dropped in qemu. I first encountered this
problem on qemu 2.10.1 but master is affected as well. After some
debug printing in qemu I could identify the following call chain as
being problematic:
eth_is_ip6_extension_header_type
eth_parse_ipv6_hdr
net_tx_pkt_parse_headers
net_tx_pkt_parse
vmxnet3_process_tx_queue
The problem seems to be the definition of the ESP header
(https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload)
that does not follow the standard IPv6 extension header format
starting with next type and length. Thus the parsed ext_hdr in
eth_parse_ipv6_hdr does not contain valid data, in particular the
length will contain bogus data and lead to a info->full_hdr_len that
is larger than the packet itself and the loop would then try to read
beyond the end of the packet.
Using the e1000 driver I can send these packets. My guess is that the
net_tx_pkt_parse function is not called in that case.
My guess for a fix would be to remove "case IP6_ESP:" from
eth_is_ip6_extension_header_type and not regard the ESP header as a
IPv6 extension header. In a quick test this seems to fix the problem.
But that should be verified by someone who is familiar with the code.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1758091/+subscriptions
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 1758091] Re: vmxnet3 unable to send IPv6 ESP packets
2018-03-22 15:48 [Qemu-devel] [Bug 1758091] [NEW] vmxnet3 unable to send IPv6 ESP packets Thomas Jansen
@ 2020-11-13 16:09 ` Thomas Huth
2020-11-14 5:54 ` Thomas Jansen
2021-05-05 8:19 ` Thomas Huth
2 siblings, 0 replies; 4+ messages in thread
From: Thomas Huth @ 2020-11-13 16:09 UTC (permalink / raw)
To: qemu-devel
The QEMU project is currently considering to move its bug tracking to another system. For this we need to know which bugs are still valid and which could be closed already. Thus we are setting older bugs to "Incomplete" now.
If you still think this bug report here is valid, then please switch the state back to "New" within the next 60 days, otherwise this report will be marked as "Expired". Or mark it as "Fix Released" if the problem has been solved with a newer version of QEMU already. Thank you and sorry for the inconvenience.
** Changed in: qemu
Status: New => Incomplete
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1758091
Title:
vmxnet3 unable to send IPv6 ESP packets
Status in QEMU:
Incomplete
Bug description:
My vmxnet3 network driver (in a closed source custom OS) is unable to
send network packets that are structured as follows: Ethernet-
Header(IPv6-Header(ESP(encrypted data))). I can verify that the packet
is sent in the VM but is dropped in qemu. I first encountered this
problem on qemu 2.10.1 but master is affected as well. After some
debug printing in qemu I could identify the following call chain as
being problematic:
eth_is_ip6_extension_header_type
eth_parse_ipv6_hdr
net_tx_pkt_parse_headers
net_tx_pkt_parse
vmxnet3_process_tx_queue
The problem seems to be the definition of the ESP header
(https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload)
that does not follow the standard IPv6 extension header format
starting with next type and length. Thus the parsed ext_hdr in
eth_parse_ipv6_hdr does not contain valid data, in particular the
length will contain bogus data and lead to a info->full_hdr_len that
is larger than the packet itself and the loop would then try to read
beyond the end of the packet.
Using the e1000 driver I can send these packets. My guess is that the
net_tx_pkt_parse function is not called in that case.
My guess for a fix would be to remove "case IP6_ESP:" from
eth_is_ip6_extension_header_type and not regard the ESP header as a
IPv6 extension header. In a quick test this seems to fix the problem.
But that should be verified by someone who is familiar with the code.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1758091/+subscriptions
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 1758091] Re: vmxnet3 unable to send IPv6 ESP packets
2018-03-22 15:48 [Qemu-devel] [Bug 1758091] [NEW] vmxnet3 unable to send IPv6 ESP packets Thomas Jansen
2020-11-13 16:09 ` [Bug 1758091] " Thomas Huth
@ 2020-11-14 5:54 ` Thomas Jansen
2021-05-05 8:19 ` Thomas Huth
2 siblings, 0 replies; 4+ messages in thread
From: Thomas Jansen @ 2020-11-14 5:54 UTC (permalink / raw)
To: qemu-devel
** Changed in: qemu
Status: Incomplete => New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1758091
Title:
vmxnet3 unable to send IPv6 ESP packets
Status in QEMU:
New
Bug description:
My vmxnet3 network driver (in a closed source custom OS) is unable to
send network packets that are structured as follows: Ethernet-
Header(IPv6-Header(ESP(encrypted data))). I can verify that the packet
is sent in the VM but is dropped in qemu. I first encountered this
problem on qemu 2.10.1 but master is affected as well. After some
debug printing in qemu I could identify the following call chain as
being problematic:
eth_is_ip6_extension_header_type
eth_parse_ipv6_hdr
net_tx_pkt_parse_headers
net_tx_pkt_parse
vmxnet3_process_tx_queue
The problem seems to be the definition of the ESP header
(https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload)
that does not follow the standard IPv6 extension header format
starting with next type and length. Thus the parsed ext_hdr in
eth_parse_ipv6_hdr does not contain valid data, in particular the
length will contain bogus data and lead to a info->full_hdr_len that
is larger than the packet itself and the loop would then try to read
beyond the end of the packet.
Using the e1000 driver I can send these packets. My guess is that the
net_tx_pkt_parse function is not called in that case.
My guess for a fix would be to remove "case IP6_ESP:" from
eth_is_ip6_extension_header_type and not regard the ESP header as a
IPv6 extension header. In a quick test this seems to fix the problem.
But that should be verified by someone who is familiar with the code.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1758091/+subscriptions
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 1758091] Re: vmxnet3 unable to send IPv6 ESP packets
2018-03-22 15:48 [Qemu-devel] [Bug 1758091] [NEW] vmxnet3 unable to send IPv6 ESP packets Thomas Jansen
2020-11-13 16:09 ` [Bug 1758091] " Thomas Huth
2020-11-14 5:54 ` Thomas Jansen
@ 2021-05-05 8:19 ` Thomas Huth
2 siblings, 0 replies; 4+ messages in thread
From: Thomas Huth @ 2021-05-05 8:19 UTC (permalink / raw)
To: qemu-devel
This is an automated cleanup. This bug report has been moved to QEMU's
new bug tracker on gitlab.com and thus gets marked as 'expired' now.
Please continue with the discussion here:
https://gitlab.com/qemu-project/qemu/-/issues/149
** Changed in: qemu
Status: New => Expired
** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #149
https://gitlab.com/qemu-project/qemu/-/issues/149
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1758091
Title:
vmxnet3 unable to send IPv6 ESP packets
Status in QEMU:
Expired
Bug description:
My vmxnet3 network driver (in a closed source custom OS) is unable to
send network packets that are structured as follows: Ethernet-
Header(IPv6-Header(ESP(encrypted data))). I can verify that the packet
is sent in the VM but is dropped in qemu. I first encountered this
problem on qemu 2.10.1 but master is affected as well. After some
debug printing in qemu I could identify the following call chain as
being problematic:
eth_is_ip6_extension_header_type
eth_parse_ipv6_hdr
net_tx_pkt_parse_headers
net_tx_pkt_parse
vmxnet3_process_tx_queue
The problem seems to be the definition of the ESP header
(https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload)
that does not follow the standard IPv6 extension header format
starting with next type and length. Thus the parsed ext_hdr in
eth_parse_ipv6_hdr does not contain valid data, in particular the
length will contain bogus data and lead to a info->full_hdr_len that
is larger than the packet itself and the loop would then try to read
beyond the end of the packet.
Using the e1000 driver I can send these packets. My guess is that the
net_tx_pkt_parse function is not called in that case.
My guess for a fix would be to remove "case IP6_ESP:" from
eth_is_ip6_extension_header_type and not regard the ESP header as a
IPv6 extension header. In a quick test this seems to fix the problem.
But that should be verified by someone who is familiar with the code.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1758091/+subscriptions
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-05-05 8:30 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-22 15:48 [Qemu-devel] [Bug 1758091] [NEW] vmxnet3 unable to send IPv6 ESP packets Thomas Jansen
2020-11-13 16:09 ` [Bug 1758091] " Thomas Huth
2020-11-14 5:54 ` Thomas Jansen
2021-05-05 8:19 ` Thomas Huth
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.