lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 18 Aug 2013 14:24:16 +1000
From:	Simon Horman <horms@...ge.net.au>
To:	netdev@...r.kernel.org, steffen.klassert@...unet.com,
	yoshfuji@...ux-ipv6.org, nicolas.dichtel@...nd.com
Subject: Re: [PATCH ipsec 1/3] ipv6: wire up skb->encapsulation

On Sat, Aug 17, 2013 at 08:07:38PM +0200, Hannes Frederic Sowa wrote:
> Hi Simon!
> 
> On Sat, Aug 17, 2013 at 07:51:16PM +0200, Hannes Frederic Sowa wrote:
> > When pushing a new header before current one call skb_reset_inner_headers
> > to record the position of the inner headers in the various ipv6 tunnel
> > protocols.
> > 
> > We later need this to correctly identify the addresses needed to send
> > back an error in the xfrm layer.
> > 
> > This change is safe, because skb->protocol is always checked before
> > dereferencing data from the inner protocol.
> > 
> > Cc: Steffen Klassert <steffen.klassert@...unet.com>
> > Cc: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
> > Cc: Nicolas Dichtel <nicolas.dichtel@...nd.com>
> > Signed-off-by: Hannes Frederic Sowa <hannes@...essinduktion.org>
> > ---
> > 
> > This patch is based on Steffen Klassert's ipsec tree.
> > 
> >  net/ipv6/ip6_gre.c    | 5 +++++
> >  net/ipv6/ip6_tunnel.c | 6 ++++++
> >  net/ipv6/sit.c        | 5 +++++
> >  3 files changed, 16 insertions(+)
> > 
> > diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
> > index ecd6073..90747f1 100644
> > --- a/net/ipv6/ip6_gre.c
> > +++ b/net/ipv6/ip6_gre.c
> > @@ -724,6 +724,11 @@ static netdev_tx_t ip6gre_xmit2(struct sk_buff *skb,
> >  		ipv6_push_nfrag_opts(skb, &opt.ops, &proto, NULL);
> >  	}
> >  
> > +	if (likely(!skb->encapsulation)) {
> > +		skb_reset_inner_headers(skb);
> > +		skb->encapsulation = 1;
> > +	}
> > +
> 
> While doing these patches, I wondered how skb->inner_protocol will be
> used in future (you added it in 0d89d2035fe063461a5ddb609b2c12e7fb006e44
> ("MPLS: Add limited GSO support")). Current use by tunnels seems safe to
> me, but I wondered how you would extend its use?

Hi,

I must confess that I'm not entirely sure that I understand the question.

The purpose of adding inner_protocol was to allow GSO of MPLS as MPLS is
rather special and does not include the inner protocol anywhere in the
packet. So this allows it to be known when GSO occurs if it was previously
known - I believe the sole use-case here is if a packet wasn't MPLS when
received but then turned into MPLS by Open vSwtich.

I'm not aware of any other encapsulation/tunnelling protocols which share
MPLS's unusual property of not including the inner-protocol in the packet,
but if they exist then skb->inner_protocol may be useful when adding GSO
support for them.

Beyond that I do not envisage any extension of the use of
skb->inner_protocol at this point. But I feel that somehow I am missing
the point of your question.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ