lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20241001060005.418231-1-dongml2@chinatelecom.cn>
Date: Tue,  1 Oct 2024 13:59:58 +0800
From: Menglong Dong <menglong8.dong@...il.com>
To: edumazet@...gle.com,
	atenart@...nel.org
Cc: davem@...emloft.net,
	kuba@...nel.org,
	pabeni@...hat.com,
	dsahern@...nel.org,
	steffen.klassert@...unet.com,
	herbert@...dor.apana.org.au,
	dongml2@...natelecom.cn,
	bigeasy@...utronix.de,
	toke@...hat.com,
	idosch@...dia.com,
	netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	bpf@...r.kernel.org
Subject: [PATCH net-next 0/7] net: ip: add drop reasons to input route

In this series, we mainly add some skb drop reasons to the input path of
ip routing.

The function ip_route_input_noref() is used commonly, and its return value
is used by the caller sometimes. So, it's not easy to make it return skb
drop reasons. Instead, we add the pointer of the drop reason to the
function arguments of it. And we do the same things to
ip_route_input_rcu() and ip_route_input_slow().

The errno from fib_validate_source() is -EINVAL or -EXDEV, and -EXDEV is
used in ip_rcv_finish_core() to increase the LINUX_MIB_IPRPFILTER. For
this case, we can check it by
"drop_reason == SKB_DROP_REASON_IP_RPFILTER" instead. Therefore, we can
make fib_validate_source() return -reason. Meanwhile, we make
ip_route_input_mc() and ip_mc_validate_source() return drop reason.

Following new skb drop reasons are added:

  SKB_DROP_REASON_IP_LOCAL_SOURCE
  SKB_DROP_REASON_IP_INVALID_SOURCE
  SKB_DROP_REASON_IP_INVALID_DEST
  SKB_DROP_REASON_IP_LOCALNET

Menglong Dong (7):
  net: ip: add drop reason to ip_route_input_noref()
  net: ip: add drop reason to ip_route_input_rcu()
  net: ip: add drop reason to ip_route_input_slow()
  net: ip: make fib_validate_source() return drop reason
  net: ip: make ip_route_input_mc() return drop reason
  net: ip: make ip_mc_validate_source() return drop reason
  net: ip: fix typo in the doc of SKB_DROP_REASON_IP_INNOROUTES

 drivers/net/ipvlan/ipvlan_l3s.c |   2 +-
 include/net/dropreason-core.h   |  21 +++++-
 include/net/route.h             |  12 ++--
 net/core/lwt_bpf.c              |   2 +-
 net/ipv4/arp.c                  |   2 +-
 net/ipv4/fib_frontend.c         |  19 ++++--
 net/ipv4/ip_fragment.c          |   2 +-
 net/ipv4/ip_input.c             |  11 ++--
 net/ipv4/route.c                | 111 +++++++++++++++++++++-----------
 net/ipv4/xfrm4_input.c          |   2 +-
 net/ipv4/xfrm4_protocol.c       |   2 +-
 11 files changed, 122 insertions(+), 64 deletions(-)

-- 
2.39.5


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ