Message-ID: <09ac06d6-4373-0953-5ed0-ed85ef25c999@kernel.org>
Date: Mon, 1 Aug 2022 09:08:37 -0600
From: David Ahern <dsahern@...nel.org>
To: Alexander Mikhalitsyn <alexander.mikhalitsyn@...tuozzo.com>,
netdev@...r.kernel.org
Cc: "Denis V. Lunev" <den@...nvz.org>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Daniel Borkmann <daniel@...earbox.net>,
Yajun Deng <yajun.deng@...ux.dev>,
Roopa Prabhu <roopa@...dia.com>, linux-kernel@...r.kernel.org,
Alexey Kuznetsov <kuznet@....inr.ac.ru>,
Konstantin Khorenko <khorenko@...tuozzo.com>, kernel@...nvz.org
Subject: Re: [PATCH 1/2] neigh: fix possible DoS due to net iface start/stop
loop

On 7/29/22 4:35 AM, Alexander Mikhalitsyn wrote:
> The patch proposed doing very simple thing. It drops only packets from

it does 2 things - adds a namespace check and a performance based change
with the way the list is walked.

> the same namespace in the pneigh_queue_purge() where network interface
> state change is detected. This is enough to prevent the problem for the
> whole node preserving original semantics of the code.
>
> diff --git a/net/core/neighbour.c b/net/core/neighbour.c
> index 54625287ee5b..213ec0be800b 100644
> --- a/net/core/neighbour.c
> +++ b/net/core/neighbour.c
> @@ -386,8 +396,7 @@ static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
> neigh_flush_dev(tbl, dev, skip_perm);
> pneigh_ifdown_and_unlock(tbl, dev);
>
> - del_timer_sync(&tbl->proxy_timer);

why are you removing this line too?

> - pneigh_queue_purge(&tbl->proxy_queue);
> + pneigh_queue_purge(&tbl->proxy_queue, dev_net(dev));
> return 0;
> }
>
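
Review bot: The removal of del_timer_sync(&tbl->proxy_timer) in __neigh_ifdown() is not explained by the quoted description, which only talks about dropping packets from the same namespace in pneigh_queue_purge(). If the timer is left running because pneigh_queue_purge(&tbl->proxy_queue, dev_net(dev)) can now leave other namespaces' packets on proxy_queue, state that in the commit message, and consider still cancelling the timer when the purge leaves the queue empty so it is not left pending with nothing to process.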