lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 05 Apr 2007 23:21:33 -0400
From:	Brian Haley <brian.haley@...com>
To:	David Miller <davem@...emloft.net>,
	YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
Cc:	netdev@...r.kernel.org
Subject: [PATCH 4/4] Add loopback address type inline

Add loopback address type inline to avoid calls to ipv6_addr_type().

Signed-off-by: Brian Haley <brian.haley@...com>
---
  include/net/ipv6.h    |    7 +++++++
  net/ipv6/ip6_output.c |    5 +++--
  net/ipv6/route.c      |    8 +++-----
  3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index f3e13db..d87f421 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -388,6 +388,13 @@ static inline int ipv6_addr_any(const struct in6_addr *a)
  		 a->s6_addr32[2] | a->s6_addr32[3] ) == 0);
  }

+static inline int ipv6_addr_loopback(const struct in6_addr *a)
+{
+	return ((a->s6_addr32[0] | a->s6_addr32[1] |
+		 a->s6_addr32[2] ) == 0 &&
+		 a->s6_addr32[3] == htonl(0x00000001));
+}
+
  /*
   * find the first different bit between two addresses
   * length of address must be a multiple of 32bits
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index f6aa338..7f1aabe 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -455,8 +455,9 @@ int ip6_forward(struct sk_buff *skb)
  		 */
  		if (xrlim_allow(dst, 1*HZ))
  			ndisc_send_redirect(skb, n, target);
-	} else if (ipv6_addr_type(&hdr->saddr)&(IPV6_ADDR_MULTICAST|IPV6_ADDR_LOOPBACK
-						|IPV6_ADDR_LINKLOCAL)) {
+	} else if (ipv6_addr_type_multicast(&hdr->saddr) ||
+		   ipv6_addr_loopback(&hdr->saddr) ||
+		   ipv6_addr_scope_linklocal(&hdr->saddr)) {
  		/* This check is security critical. */
  		goto error;
  	}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 32c6398..06ee92d 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1067,7 +1067,6 @@ int ip6_route_add(struct fib6_config *cfg)
  	struct net_device *dev = NULL;
  	struct inet6_dev *idev = NULL;
  	struct fib6_table *table;
-	int addr_type;

  	if (cfg->fc_dst_len > 128 || cfg->fc_src_len > 128)
  		return -EINVAL;
@@ -1108,9 +1107,7 @@ int ip6_route_add(struct fib6_config *cfg)
  		cfg->fc_protocol = RTPROT_BOOT;
  	rt->rt6i_protocol = cfg->fc_protocol;

-	addr_type = ipv6_addr_type(&cfg->fc_dst);
-
-	if (addr_type & IPV6_ADDR_MULTICAST)
+	if (ipv6_addr_type_multicast(&cfg->fc_dst))
  		rt->u.dst.input = ip6_mc_input;
  	else
  		rt->u.dst.input = ip6_forward;
@@ -1133,7 +1130,8 @@ int ip6_route_add(struct fib6_config *cfg)
  	   they would result in kernel looping; promote them to reject routes
  	 */
  	if ((cfg->fc_flags & RTF_REJECT) ||
-	    (dev && (dev->flags&IFF_LOOPBACK) && !(addr_type&IPV6_ADDR_LOOPBACK))) {
+	    (dev && (dev->flags&IFF_LOOPBACK) &&
+	     !ipv6_addr_loopback(&cfg->fc_dst))) {
  		/* hold loopback dev/idev if we haven't done so. */
  		if (dev != &loopback_dev) {
  			if (dev) {
-- 
1.5.0.3

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists