| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20241107125601.1076814-1-dongml2@chinatelecom.cn> Date: Thu, 7 Nov 2024 20:55:52 +0800 From: Menglong Dong <menglong8.dong@...il.com> To: pabeni@...hat.com Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, horms@...nel.org, dsahern@...nel.org, pablo@...filter.org, kadlec@...filter.org, roopa@...dia.com, razor@...ckwall.org, gnault@...hat.com, bigeasy@...utronix.de, hawk@...nel.org, idosch@...dia.com, dongml2@...natelecom.cn, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, netfilter-devel@...r.kernel.org, coreteam@...filter.org, bridge@...ts.linux.dev, bpf@...r.kernel.org Subject: [PATCH net-next v5 0/9] net: ip: add drop reasons to input route In this series, we mainly add some skb drop reasons to the input path of ip routing, and we make the following functions return drop reasons: fib_validate_source() ip_route_input_mc() ip_mc_validate_source() ip_route_input_slow() ip_route_input_rcu() ip_route_input_noref() ip_route_input() ip_mkroute_input() __mkroute_input() ip_route_use_hint() And following new skb drop reasons are added: SKB_DROP_REASON_IP_LOCAL_SOURCE SKB_DROP_REASON_IP_INVALID_SOURCE SKB_DROP_REASON_IP_LOCALNET SKB_DROP_REASON_IP_INVALID_DEST Changes since v4: - in the 6th patch: remove the unneeded "else" in ip_expire() - in the 8th patch: delete the unneeded comment in __mkroute_input() - in the 9th patch: replace "return 0" with "return SKB_NOT_DROPPED_YET" in ip_route_use_hint() Changes since v3: - don't refactor fib_validate_source/__fib_validate_source, and introduce a wrapper for fib_validate_source() instead in the 1st patch. - some small adjustment in the 4-7 patches Changes since v2: - refactor fib_validate_source and __fib_validate_source to make fib_validate_source return drop reasons - add the 9th and 10th patches to make this series cover the input route code path Changes since v1: - make ip_route_input_noref/ip_route_input_rcu/ip_route_input_slow return drop reasons, instead of passing a local variable to their function arguments. Menglong Dong (9): net: ip: make fib_validate_source() support drop reasons net: ip: make ip_route_input_mc() return drop reason net: ip: make ip_mc_validate_source() return drop reason net: ip: make ip_route_input_slow() return drop reasons net: ip: make ip_route_input_rcu() return drop reasons net: ip: make ip_route_input_noref() return drop reasons net: ip: make ip_route_input() return drop reasons net: ip: make ip_mkroute_input/__mkroute_input return drop reasons net: ip: make ip_route_use_hint() return drop reasons include/net/dropreason-core.h | 26 ++++ include/net/ip_fib.h | 12 ++ include/net/route.h | 34 ++--- net/bridge/br_netfilter_hooks.c | 11 +- net/core/lwt_bpf.c | 6 +- net/ipv4/fib_frontend.c | 17 ++- net/ipv4/icmp.c | 2 +- net/ipv4/ip_fragment.c | 11 +- net/ipv4/ip_input.c | 20 ++- net/ipv4/ip_options.c | 2 +- net/ipv4/route.c | 211 ++++++++++++++++++-------------- net/ipv6/seg6_local.c | 14 +-- 12 files changed, 225 insertions(+), 141 deletions(-) -- 2.39.5
Powered by blists - more mailing lists