| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CADxym3YkROBgjbd0-h6nk2nxKkzofjCdJ6k9PLE86BQzKoxKUA@mail.gmail.com>
Date: Sun, 1 Sep 2024 21:02:17 +0800
From: Menglong Dong <menglong8.dong@...il.com>
To: Alexander Lobakin <aleksander.lobakin@...el.com>
Cc: idosch@...dia.com, kuba@...nel.org, davem@...emloft.net,
edumazet@...gle.com, pabeni@...hat.com, dsahern@...nel.org,
dongml2@...natelecom.cn, amcohen@...dia.com, gnault@...hat.com,
bpoirier@...dia.com, b.galvani@...il.com, razor@...ckwall.org,
petrm@...dia.com, linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH net-next v2 07/12] net: vxlan: add skb drop reasons to vxlan_rcv()
On Fri, Aug 30, 2024 at 11:04 PM Alexander Lobakin
<aleksander.lobakin@...el.com> wrote:
>
> From: Menglong Dong <menglong8.dong@...il.com>
> Date: Fri, 30 Aug 2024 09:59:56 +0800
>
> > Introduce skb drop reasons to the function vxlan_rcv(). Following new
> > vxlan drop reasons are added:
> >
> > VXLAN_DROP_INVALID_HDR
> > VXLAN_DROP_VNI_NOT_FOUND
> >
> > And Following core skb drop reason is added:
>
> "the following", lowercase + "the".
>
Okay!
> >
> > SKB_DROP_REASON_IP_TUNNEL_ECN
> >
> > Signed-off-by: Menglong Dong <dongml2@...natelecom.cn>
>
> [...]
>
> > @@ -23,6 +25,14 @@ enum vxlan_drop_reason {
> > * one pointing to a nexthop
> > */
> > VXLAN_DROP_ENTRY_EXISTS,
> > + /**
> > + * @VXLAN_DROP_INVALID_HDR: the vxlan header is invalid, such as:
>
> Same as before, "VXLAN" in uppercase I'd say.
>
> > + * 1) the reserved fields are not zero
> > + * 2) the "I" flag is not set
> > + */
> > + VXLAN_DROP_INVALID_HDR,
> > + /** @VXLAN_DROP_VNI_NOT_FOUND: no vxlan device found for the vni */
>
> ^
>
> > + VXLAN_DROP_VNI_NOT_FOUND,
> > };
>
> [...]
>
> > if (!raw_proto) {
> > - if (!vxlan_set_mac(vxlan, vs, skb, vni))
> > + reason = vxlan_set_mac(vxlan, vs, skb, vni);
> > + if (reason)
> > goto drop;
>
> This piece must go in the previous patch, see my comment there.
>
Yeah, I'll do it.
> [...]
>
> > @@ -1814,8 +1830,9 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb)
> > return 0;
> >
> > drop:
> > + reason = reason ?: SKB_DROP_REASON_NOT_SPECIFIED;
>
> Is this possible that @reason will be 0 (NOT_DROPPED_YET) here? At the
> beginning of the function, it's not initialized, then each error path
> sets it to a specific value. In most paths, you check for it being != 0
> as a sign of error, so I doubt it can be 0 here.
>
It can be 0 here, as we don't set a reason for every "goto drop"
path. For example, in the line:
if (!vs)
goto drop;
we don't set a reason, and the "reason" is 0 when we "goto drop",
as I don't think that it is worth introducing a reason here.
Thanks!
Menglong Dong
> > /* Consume bad packet */
> > - kfree_skb(skb);
> > + kfree_skb_reason(skb, reason);
> > return 0;
> > }
>
> Thanks,
> Olek
Powered by blists - more mailing lists