lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 20 May 2014 19:05:28 -0700
From:	Jesse Gross <jesse@...ira.com>
To:	Simon Horman <horms@...ge.net.au>
Cc:	"dev@...nvswitch.org" <dev@...nvswitch.org>,
	netdev <netdev@...r.kernel.org>,
	Pravin B Shelar <pshelar@...ira.com>,
	Ben Pfaff <blp@...ira.com>, Ravi K <rkerur@...il.com>,
	Joe Stringer <joe@...d.net.nz>
Subject: Re: [PATCH v2.57] datapath: Add basic MPLS support to kernel

On Tue, May 20, 2014 at 3:48 AM, Simon Horman <horms@...ge.net.au> wrote:
> On Mon, May 19, 2014 at 06:34:05PM -0700, Jesse Gross wrote:
>> On Thu, May 15, 2014 at 4:07 PM, Simon Horman <horms@...ge.net.au> wrote:
>> > diff --git a/datapath/actions.c b/datapath/actions.c
>> > index 603c7cb..7c3ae0c 100644
>> > --- a/datapath/actions.c
>> > +++ b/datapath/actions.c
>> When we set the EtherType at the bottom of the function, I don't think
>> that it is correct in the presence of VLAN tags because it will set
>> the outer EtherType.
>
> I believe this comes back to the problem we have with tag ordering. A
> problem which after the most recent discussion of this topic I planned to
> kick into the long grass by only allowing push MPLS actions on packets with
> a well defined tag order.

Right, I subconsciously keep forgetting this even though I know it's there.

> This is the purpose of the white list in ovs_nla_copy_actions__().  It is
> supposed to only push MPLS actions for flows with an IPv4, IPv6, ARP, RARP
> or MPLS ethtype.  However, I now think that the white list likely does not
> work for VLAN packets as their flow's ethtype will be the inner-ethtype
> (the one inside the VLAN tag) rather than a VLAN ethtype.
>
> I'm unsure how you would like to handle this but one possibility would be
> simply for push_mpls() to return an error if it is called on an skb with a
> VLAN tag present or if the ethtype doesn't match a white list. Another is
> to set the inner ethtype.

Can't we just look at/track flow->tci to see if there is a vlan?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists