lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240830162627.4ba37aa3@kernel.org>
Date: Fri, 30 Aug 2024 16:26:27 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Menglong Dong <menglong8.dong@...il.com>
Cc: idosch@...dia.com, davem@...emloft.net, edumazet@...gle.com,
 pabeni@...hat.com, dsahern@...nel.org, dongml2@...natelecom.cn,
 amcohen@...dia.com, gnault@...hat.com, bpoirier@...dia.com,
 b.galvani@...il.com, razor@...ckwall.org, petrm@...dia.com,
 linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH net-next v2 06/12] net: vxlan: make vxlan_set_mac()
 return drop reasons

On Fri, 30 Aug 2024 09:59:55 +0800 Menglong Dong wrote:
> -static bool vxlan_set_mac(struct vxlan_dev *vxlan,
> -			  struct vxlan_sock *vs,
> -			  struct sk_buff *skb, __be32 vni)
> +static enum skb_drop_reason vxlan_set_mac(struct vxlan_dev *vxlan,
> +					  struct vxlan_sock *vs,
> +					  struct sk_buff *skb, __be32 vni)
>  {
>  	union vxlan_addr saddr;
>  	u32 ifindex = skb->dev->ifindex;
> @@ -1620,7 +1620,7 @@ static bool vxlan_set_mac(struct vxlan_dev *vxlan,
>  
>  	/* Ignore packet loops (and multicast echo) */
>  	if (ether_addr_equal(eth_hdr(skb)->h_source, vxlan->dev->dev_addr))
> -		return false;
> +		return (u32)VXLAN_DROP_INVALID_SMAC;

It's the MAC address of the local interface, not just invalid...

>  	/* Get address from the outer IP header */
>  	if (vxlan_get_sk_family(vs) == AF_INET) {
> @@ -1635,9 +1635,9 @@ static bool vxlan_set_mac(struct vxlan_dev *vxlan,
>  
>  	if ((vxlan->cfg.flags & VXLAN_F_LEARN) &&
>  	    vxlan_snoop(skb->dev, &saddr, eth_hdr(skb)->h_source, ifindex, vni))
> -		return false;
> +		return (u32)VXLAN_DROP_ENTRY_EXISTS;

... because it's vxlan_snoop() that checks:

        if (!is_valid_ether_addr(src_mac))
-- 
pw-bot: cr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ