lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 30 Mar 2015 19:15:54 +0100
From:	Robert Shearman <rshearma@...cade.com>
To:	<davem@...emloft.net>
CC:	<netdev@...r.kernel.org>, Robert Shearman <rshearma@...cade.com>,
	"Eric W. Biederman" <ebiederm@...ssion.com>
Subject: [PATCH net-next v3 2/4] mpls: Differentiate implicit-null and unlabeled neighbours

The control plane can advertise labels for neighbours that don't have
an outgoing label. RFC 3031 s3.22 states that either the remaining
labels should be popped (if the control plane can determine that it's
safe to do so, which in light of MPLS-VPN, RFC 4364, is never the case
now) or that the packet should be discarded.

Therefore, if the peer is unlabeled and the last label wasn't popped
then drop the packet. The peer being unlabeled is signalled by an
empty label stack. However, penultimate hop popping still needs to be
supported (RFC 3031 s4.1.5) where the incoming label is popped and no
labels are put on and the packet can still go out labeled with the
remainder of the stack. This is achieved by the control plane
specifying a label stack consisting of the single special
implicit-null value.

Cc: "Eric W. Biederman" <ebiederm@...ssion.com>
Signed-off-by: Robert Shearman <rshearma@...cade.com>
---
 net/mpls/af_mpls.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
index 0d6763a895d6..7f5f30d29f73 100644
--- a/net/mpls/af_mpls.c
+++ b/net/mpls/af_mpls.c
@@ -28,7 +28,8 @@ struct mpls_route { /* next hop label forwarding entry */
 	struct rcu_head		rt_rcu;
 	u32			rt_label[MAX_NEW_LABELS];
 	u8			rt_protocol; /* routing protocol that set this entry */
-	u8			rt_labels;
+	u8                      rt_unlabeled : 1;
+	u8			rt_labels : 7;
 	u8			rt_via_alen;
 	u8			rt_via_table;
 	u8			rt_via[0];
@@ -202,6 +203,11 @@ static int mpls_forward(struct sk_buff *skb, struct net_device *dev,
 		/* Penultimate hop popping */
 		if (!mpls_egress(rt, skb, dec))
 			goto drop;
+	} else if (rt->rt_unlabeled) {
+		/* Labeled traffic destined to unlabeled peer should
+		 * be discarded
+		 */
+		goto drop;
 	} else {
 		bool bos;
 		int i;
@@ -386,9 +392,16 @@ static int mpls_route_add(struct mpls_route_config *cfg)
 	if (!rt)
 		goto errout;
 
-	rt->rt_labels = cfg->rc_output_labels;
-	for (i = 0; i < rt->rt_labels; i++)
-		rt->rt_label[i] = cfg->rc_output_label[i];
+	if (cfg->rc_output_labels == 1 &&
+	    cfg->rc_output_label[0] == LABEL_IMPLICIT_NULL) {
+		rt->rt_labels = 0;
+	} else {
+		rt->rt_labels = cfg->rc_output_labels;
+		for (i = 0; i < rt->rt_labels; i++)
+			rt->rt_label[i] = cfg->rc_output_label[i];
+		if (!rt->rt_labels)
+			rt->rt_unlabeled = true;
+	}
 	rt->rt_protocol = cfg->rc_protocol;
 	RCU_INIT_POINTER(rt->rt_dev, dev);
 	rt->rt_via_table = cfg->rc_via_table;
-- 
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ