lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 22 Nov 2022 10:24:21 +0100
From:   Paolo Abeni <pabeni@...hat.com>
To:     Suman Ghosh <sumang@...vell.com>, davem@...emloft.net,
        edumazet@...gle.com, kuba@...nel.org, sgoutham@...vell.com,
        sbhatta@...vell.com, jerinj@...vell.com, gakula@...vell.com,
        hkelam@...vell.com, lcherian@...vell.com, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [net-next PATCH] octeontx2-pf: Add support to filter packet
 based on IP fragment

Hello,

On Fri, 2022-11-18 at 11:52 +0530, Suman Ghosh wrote:
> 1. Added support to filter packets based on IP fragment.
> For IPv4 packets check for ip_flag == 0x20 (more fragment bit set).
> For IPv6 packets check for next_header == 0x2c (next_header set to
> 'fragment headre for IPv6')

typo above  ^^^^^^ header

> @@ -891,10 +896,22 @@ static int otx2_prepare_flow_request(struct ethtool_rx_flow_spec *fsp,
>  			req->features |= BIT_ULL(NPC_OUTER_VID);
>  		}
>  
> -		/* Not Drop/Direct to queue but use action in default entry */
> -		if (fsp->m_ext.data[1] &&
> -		    fsp->h_ext.data[1] == cpu_to_be32(OTX2_DEFAULT_ACTION))
> -			req->op = NIX_RX_ACTION_DEFAULT;
> +		if (fsp->m_ext.data[1]) {
> +			if (flow_type == IP_USER_FLOW) {
> +				if (be32_to_cpu(fsp->h_ext.data[1]) != 0x20)
> +					return -EINVAL;
> +
> +				pkt->ip_flag = be32_to_cpu(fsp->h_ext.data[1]);
> +				pmask->ip_flag = fsp->m_ext.data[1];

This causes a warning:

../drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c:882:48: warning: incorrect type in assignment (different base types)
../drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c:882:48:    expected unsigned char [usertype] ip_flag
../drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c:882:48:    got restricted __be32

and looks wrong: both pkt->ip_flag and pmask->ip_flag should get
be32_to_cpu, or neither of them

> diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c
> index e64318c110fd..a4a85e075eeb 100644
> --- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c
> +++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c
> @@ -532,6 +532,31 @@ static int otx2_tc_prepare_flow(struct otx2_nic *nic, struct otx2_tc_flow *node,
>  			req->features |= BIT_ULL(NPC_IPPROTO_ICMP6);
>  	}
>  
> +	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) {
> +		struct flow_match_control match;
> +
> +		flow_rule_match_control(rule, &match);
> +		if (match.mask->flags & FLOW_DIS_FIRST_FRAG) {
> +			netdev_info(nic->netdev, "HW doesn't support frag first/later");

Here and below you are better off reporting the error via the extack:
f->common.extack.


Cheers,

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ