Your message dated Tue, 12 Jun 2018 21:23:28 +0000
with message-id <[email protected]>
and subject line Bug#891400: fixed in tinc 1.0.34-1
has caused the Debian Bug report #891400,
regarding tinc: Incorrect ICMPv6 Checksum
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
891400: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891400
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tinc
Version: 1.0.33-1
Severity: important

Dear Guus,

I have been using tinc since 2009 and it is great!

When PMTUDiscovery=yes and Mode=switch, and if ipv6 is used inside
tinc, the ICMPv6 "Packet Too Big" packets have incorrect checksums.
It can be reproduced by `ping6 <host in tinc> -s 1800` and `tcpdump -i
<tinc interface>`.  Consequently, the host ignores the tinc-generated
ICMPv6 packets, PMTUDiscovery does not work and the connections freeze
when data flows are big.

I find the bug is gone if the function "inet_checksum" in route.c is
not inlined, either by compiling tinc with "-O2
-fno-inline-functions", or apply a patch such as,

diff --git a/src/route.c b/src/route.c
index ff82c06e..cd55383a 100644
--- a/src/route.c
+++ b/src/route.c
@@ -60,7 +60,7 @@ static const size_t opt_size = sizeof(struct nd_opt_hdr);

 /* RFC 1071 */

-static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) {
+__attribute__ ((noinline)) static uint16_t inet_checksum(void *data, int len, 
uint16_t prevsum) {
        uint16_t *p = data;
        uint32_t checksum = prevsum ^ 0xFFFF;



I have tested with gcc-7.3.0 and gcc-5.4.0.  They behaved the same.  I
am not good at assembly to find out what really happened, but it is
for sure that inet_checksum does not work as expected if compiled
inline.

Thanks!

Yours,
Benda

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) (ignored: LC_ALL set to 
en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages tinc depends on:
ii  libc6      2.26-2
ii  liblzo2-2  2.08-1.2+b2
ii  libssl1.1  1.1.0g-2
ii  lsb-base   9.20170808
ii  zlib1g     1:1.2.8.dfsg-5

tinc recommends no packages.

tinc suggests no packages.

--- End Message ---
--- Begin Message ---
Source: tinc
Source-Version: 1.0.34-1

We believe that the bug you reported is fixed in the latest version of
tinc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guus Sliepen <[email protected]> (supplier of updated tinc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 12 Jun 2018 23:00:49 +0200
Source: tinc
Binary: tinc
Architecture: source amd64
Version: 1.0.34-1
Distribution: unstable
Urgency: medium
Maintainer: Guus Sliepen <[email protected]>
Changed-By: Guus Sliepen <[email protected]>
Description:
 tinc       - Virtual Private Network daemon
Closes: 887116 887401 891400
Changes:
 tinc (1.0.34-1) unstable; urgency=medium
 .
   [ Guus Sliepen ]
   * New upstream release.
     - Fixes a potential segmentation fault when connecting to an IPv6
       peer via a proxy. Closes: #887401
   * Add support for the $EXTRA variable in /etc/default/tinc when using
     systemd. Closes: #887116
 .
   [ Benda Xu ]
   * Prevent possible incorrect IPv6 checksums due to function inlining.
     Closes: #891400
Checksums-Sha1:
 8cf59dbf5dceffaef3bf4b5a01e36656537687f3 1979 tinc_1.0.34-1.dsc
 2ec0d30b9388afcb511076e6bde17c7a84325bb6 484174 tinc_1.0.34.orig.tar.gz
 3b7173f754bac96f4cf9b80e4d50ffc8a64e128e 1338 tinc_1.0.34.orig.tar.gz.asc
 01dd85027278e77b2ed6703316d57040d9eec877 15172 tinc_1.0.34-1.debian.tar.xz
 f1802a45c05114c791c19298528a5a8366d911f9 217148 tinc-dbgsym_1.0.34-1_amd64.deb
 029e597829a125aba12ed4b80cb0ced2ceb472ab 7249 tinc_1.0.34-1_amd64.buildinfo
 7e2f8068725aa3805f6099d63b69b61faa819954 209720 tinc_1.0.34-1_amd64.deb
Checksums-Sha256:
 921e0fbd6f7aacc7188df57c17816cad542c2ca8dae2e9333d2b0270765721a9 1979 
tinc_1.0.34-1.dsc
 c03a9b61dedd452116dd9a8db231545ba08a7c96bce011e0cbd3cfd2c56dcfda 484174 
tinc_1.0.34.orig.tar.gz
 42fc2f8a0e367ad369f87a5ea478dc7145e8356b3c2ad50b28bd1e6176f09898 1338 
tinc_1.0.34.orig.tar.gz.asc
 186cf453273b6384859f2ff8bdde342cb9d323e4b1f9d3e7c2b3e9ee2f05db10 15172 
tinc_1.0.34-1.debian.tar.xz
 80cbc9c561fc3455c66354faed97f0c8f05ae1a86c3078bfa561b7f23bb47f1f 217148 
tinc-dbgsym_1.0.34-1_amd64.deb
 03ec591a272d2c134d3de9f565debc6d4445357d69a6cd83cb98c6a2b26c1850 7249 
tinc_1.0.34-1_amd64.buildinfo
 1dfab25ca90a11d5e5a178e9f34ec2e62ce2c49281944fee35e79c309546931d 209720 
tinc_1.0.34-1_amd64.deb
Files:
 0de3df62107f202f367e39984d737a1a 1979 net optional tinc_1.0.34-1.dsc
 05ccf540a0b37ab1087595eb4daa2e80 484174 net optional tinc_1.0.34.orig.tar.gz
 edfdfb1f5aa23e064587da69c58a9402 1338 net optional tinc_1.0.34.orig.tar.gz.asc
 5ca4b2cb934f2eb8e7012512e9db12f3 15172 net optional tinc_1.0.34-1.debian.tar.xz
 5e24ad94c0dbb90d4178ab09c1b372b1 217148 debug optional 
tinc-dbgsym_1.0.34-1_amd64.deb
 c574cb8e29fe1972242993ba5fb45edd 7249 net optional 
tinc_1.0.34-1_amd64.buildinfo
 5e80eb635501a7ad6fa6da56178e20ec 209720 net optional tinc_1.0.34-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEETRt3lsA+CDGZG91CP0kN64ce+foFAlsgNKYACgkQP0kN64ce
+fq3og/+OoMpgbClEO7Vwvuio2rjBo4Ah0IUEPZAp6ZWPO9JTFr2WVSB2qrWWc78
KwKjWwDW29UX5iadzX3e8oFG2xQQD1C9vh0ESYyiSMlVpvxhVg391nH4Z2twLV3Q
cWzQFde81Nuugy5NxsC5lzwXq7dO9A30lD4hqbLZjxyRGoArxZdqJkL9OuJm25fc
qjTFO0i7Pc30+MhQ+Z+IrcRTT8PpyBjBv14F/7xD372r2u6gHXC/Q/DRPeSNualr
yVo4vxxWrAvefR9M4NjZRtru4k3oZFJ9Wn9BLxbX2JbdckqcYu+ImSj4aChEgm8D
DT8nJ6DX2Ayz/hvmLX+8mUbTCvs6J8JsWPkk1ME8X+NtY66zZUkPFoJwOGJLhvd/
ZIoWhQuUFSAiWIqe3ppW3nczWF3MGCNFslLoR+sxKsJiR5DVD6Q8lXgb72gW748b
QF39MZ0OUv8gVsnDUdKooTX0kIMbGHPEEPMSknWb0bYkekcENW6t/miBmc87XuZv
5AUxk5OWT09uTjWuluHLigsOYd4deUEAZKnWS5S3vMVyWb6ivBbPeaii0lr/Kl79
TAjAW4E5qByFN8hENFbsC/FLOWdYmCDCWdRiTN7W020NPAB6vJ2rkWBDmaj27IrC
DSPkV348a96jnS68+msjTwvfpS2JN/K9EGguTVJCVHkAJv9qQvE=
=7gy7
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to