lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 09 Apr 2013 11:08:33 -0700
From:	Sridhar Samudrala <sri@...ibm.com>
To:	Cong Wang <amwang@...hat.com>
Cc:	netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>
Subject: Re: [Patch net-next] vxlan: revert "vxlan: Bypass encapsulation if
 the destination is local"

On Tue, 2013-04-09 at 17:57 +0800, Cong Wang wrote:
> From: Cong Wang <amwang@...hat.com>
> 
> This reverts commit 9dcc71e1fdbb7aa10d92a3d35e8a201adc84abd0.
> It apparently breaks my vxlan tests between different namespaces.
> 
I haven't tried vxlan with network namespaces.
This patch effects the following 2 code paths
- when source and destination endpoints are on the same bridge and
  route short-circuiting is enabled. I guess you are not hitting
  this path as this is possible only if you specify 'rsc' flag when
  creating vxlan device.
- when source and destination endpoints belonging to different vni's
  are on 2 different bridges on the same host. encap bypass is done
  in this scenario by checking if rt_flags has RTCF_LOCAL set. I think
  you must be hitting this path and the following patch should fix
  it by only doing bypass if the source and dest devices belong to 
  the same net. Can you try it and see if it fixes your tests?

diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index 9a64715..d53d8cb 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -1012,12 +1012,15 @@ static netdev_tx_t vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
 		goto tx_error;
 	}
 
-	/* Bypass encapsulation if the destination is local */
-	if (rt->rt_flags & RTCF_LOCAL) {
+	/* Bypass encapsulation if the destination is local and in the same
+	   network namespace.
+	 */
+	if (net_eq(dev_net(dev), dev_net(rt->dst.dev)) &&
+	     rt->rt_flags & RTCF_LOCAL) {
 		struct vxlan_dev *dst_vxlan;
 
+		dst_vxlan = vxlan_find_vni(dev_net(rt->dst.dev), vni);
 		ip_rt_put(rt);
-		dst_vxlan = vxlan_find_vni(dev_net(dev), vni);
 		if (!dst_vxlan)
 			goto tx_error;
 		vxlan_encap_bypass(skb, vxlan, dst_vxlan);

  
Thanks
Sridhar


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ