Date:	Fri, 26 Apr 2013 15:59:49 +0900
From:	Atzm Watanabe <atzm@...atosphere.co.jp>
To:	Mike Rapoport <mike.rapoport@...ellosystems.com>
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCH net-next 2/2] vxlan: allow specifying multiple default destinations

At Thu, 25 Apr 2013 14:03:49 +0300,
Mike Rapoport wrote:
> +/* Add remote to default destinations list */
> +static int vxlan_remote_add(struct vxlan_dev *vxlan, struct nlattr *attr)
> +{
> +	struct vxlan_addr ip;
> +	struct nlattr *i;
> +	u32 port, ifindex, vni;
> +	int rem, err = 0;
> +	bool addr_set = false;
> +
> +	port = vxlan_port;
> +	vni = vxlan->default_dst.remote_vni;
> +	ifindex = vxlan->default_dst.remote_ifindex;
> +
> +	nla_for_each_nested(i, attr, rem) {
> +		switch (nla_type(i)) {
> +		case IFLA_VXLAN_REMOTE_ADDR:
> +			err = vxlan_nla_get_addr(&ip, i);
> +			addr_set = true;
> +			break;
> +		case IFLA_VXLAN_REMOTE_PORT:
> +			port = nla_get_u32(attr);
> +			break;
> +		case IFLA_VXLAN_REMOTE_VNI:
> +			vni = nla_get_u32(attr);
> +			break;
> +		case IFLA_VXLAN_REMOTE_IFINDEX:
> +			ifindex = nla_get_u32(attr);
> +			break;
> +		default:
> +			err = -EINVAL;
> +			break;
> +		};
> +
> +		if (err)
> +			return err;
> +	}
> +
> +	if (!addr_set)
> +		return -EINVAL;
> +
> +	err = vxlan_rdst_append(&vxlan->default_dst, &ip,
> +				port, vni, ifindex);
> +	if (err < 0)
> +		return err;
> +
> +	if (err == 0)
> +		return -EEXIST;
> +
> +	vxlan->remote_cnt++;
> +
> +#if IS_ENABLED(CONFIG_IPV6)
> +	if (ip.va_sa == AF_INET6)
> +		netdev_dbg(vxlan->dev, "dstadd %pI6\n", &ip.va_sin6);
> +	else
> +#endif
> +		netdev_dbg(vxlan->dev, "dstadd %pI4\n", &ip.va_sin);
> +
> +	return 0;
> +}
> +
> +static void vxlan_remote_destroy(struct vxlan_dev *vxlan,
> +				 struct vxlan_rdst *rd)
> +{
> +#if IS_ENABLED(CONFIG_IPV6)
> +	if (rd->remote_ip.va_sa == AF_INET6)
> +		netdev_dbg(vxlan->dev, "dstdel %pI6\n", &rd->remote_ip.va_sin6);
> +	else
> +#endif
> +		netdev_dbg(vxlan->dev, "dstdel %pI4\n", &rd->remote_ip.va_sin);
> +
> +	--vxlan->remote_cnt;
> +	kfree(rd);
> +}
> +
> +/* Delete remote from default destinations list */
> +static int vxlan_remote_delete(struct vxlan_dev *vxlan, struct nlattr *attr)
> +{
> +	struct vxlan_rdst *rd, *rd_prev = NULL;
> +	struct vxlan_addr ip;
> +	int err;
> +
> +	err = vxlan_nla_get_addr(&ip, attr);
> +	if (err)
> +		return err;
> +
> +	rd_prev = &vxlan->default_dst;
> +
> +	for (rd = vxlan->default_dst.remote_next; rd; rd = rd->remote_next) {
> +		if (vxlan_addr_equal(&rd->remote_ip, &ip)) {
> +			rd_prev->remote_next = rd->remote_next;
> +			vxlan_remote_destroy(vxlan, rd);
> +			return 0;
> +		}
> +		rd_prev = rd;
> +	}
> +
> +	return -ENOENT;
> +}
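Review bot: In vxlan_remote_add() the `IFLA_VXLAN_REMOTE_PORT`, `IFLA_VXLAN_REMOTE_VNI` and `IFLA_VXLAN_REMOTE_IFINDEX` cases call `nla_get_u32(attr)` on the enclosing nested attribute instead of the loop cursor `i`, so they read the first four payload bytes of the container (the header of its first child) rather than the value userspace supplied. Each case should read from the cursor, e.g. `port = nla_get_u32(i);`. No length check on `i` is visible before these reads; unless the nested attributes are validated against a policy elsewhere in the patch, a short attribute would be read past its payload, so `nla_len(i) < sizeof(u32)` should be rejected with `-EINVAL`. Separately, vxlan_remote_delete() unlinks an entry and vxlan_remote_destroy() frees it with `kfree()` at once, with no lock or RCU grace period in the quoted lines; if the transmit path walks `remote_next` concurrently that is a use-after-free, which needs confirming against the rest of the driver. The hunk header was trimmed from the quote, so the surrounding context is not visible here.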

I think the default destinations should be used not only for sending
but also for receiving, so when a multicast address is added, the
group should be joined if the interface is up.
(Forbidding changes on a running interface may make this easier.)

Also vxlan_open() and vxlan_stop() will need to control the
membership of groups in the default destination list.


>  /* See if multicast group is already in use by other ID */
>  static bool vxlan_group_used(struct vxlan_net *vn,
> @@ -1500,6 +1600,14 @@ static void vxlan_flush(struct vxlan_dev *vxlan)
>  	spin_unlock_bh(&vxlan->hash_lock);
>  }
>  
> +static void vxlan_remotes_flush(struct vxlan_dev *vxlan)
> +{
> +	struct vxlan_rdst *rd;
> +
> +	for (rd = vxlan->default_dst.remote_next; rd; rd = rd->remote_next)
> +		vxlan_remote_destroy(vxlan, rd);
> +}
> +
>  /* Cleanup timer and forwarding table on shutdown */
>  static int vxlan_stop(struct net_device *dev)
>  {
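Review bot: vxlan_remotes_flush() evaluates `rd->remote_next` in the loop step after vxlan_remote_destroy() has already passed `rd` to `kfree()` (see that function quoted earlier in this mail), which is a use-after-free on every iteration. The loop also leaves `vxlan->default_dst.remote_next` pointing at freed memory, so any later walk of the list, or a second flush, dereferences a dangling pointer. Save the successor before destroying the entry and clear the list head afterwards, as below. Whether the walk also needs a lock depends on callers and readers not shown in the hunk.

```c
static void vxlan_remotes_flush(struct vxlan_dev *vxlan)
{
	struct vxlan_rdst *rd, *next;

	for (rd = vxlan->default_dst.remote_next; rd; rd = next) {
		next = rd->remote_next;	/* read before rd is freed */
		vxlan_remote_destroy(vxlan, rd);
	}
	/* do not leave the head pointing at freed entries */
	vxlan->default_dst.remote_next = NULL;
}
```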
> @@ -1511,6 +1619,7 @@ static int vxlan_stop(struct net_device *dev)
>  	del_timer_sync(&vxlan->age_timer);
>  
>  	vxlan_flush(vxlan);
> +	vxlan_remotes_flush(vxlan);
>  
>  	return 0;
>  }

vxlan_stop() is called when the interface state changes to down.
I think the default destinations should not be flushed at this point;
this should be done at dellink instead.


Thanks.