lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 21 May 2015 19:37:45 -0400 (EDT)
From:	David Miller <davem@...emloft.net>
To:	kafai@...com
Cc:	netdev@...r.kernel.org, hannes@...essinduktion.org, ja@....bg,
	steffen.klassert@...unet.com, Kernel-team@...com
Subject: Re: [PATCH net-next v4 01/10] ipv6: Remove external dependency on
 rt6i_dst and rt6i_src

From: Martin KaFai Lau <kafai@...com>
Date: Wed, 20 May 2015 15:52:20 -0700

> This patch removes the assumptions that the returned rt is always
> a RTF_CACHE entry with the rt6i_dst and rt6i_src containing the
> destination and source address.  The dst and src can be recovered from
> the calling site.
> 
> We may consider to rename (rt6i_dst, rt6i_src) to
> (rt6i_key_dst, rt6i_key_src) later.
> 
> Signed-off-by: Martin KaFai Lau <kafai@...com>
> Reviewed-by: Hannes Frederic Sowa <hannes@...essinduktion.org>

I'm fine with this except for the fragmentation handling:

> @@ -549,6 +549,7 @@ int ip6_fragment(struct sock *sk, struct sk_buff *skb,
>  				inet6_sk(skb->sk) : NULL;
>  	struct ipv6hdr *tmp_hdr;
>  	struct frag_hdr *fh;
> +	struct frag_hdr tmp_fh;
>  	unsigned int mtu, hlen, left, len;
>  	int hroom, troom;
>  	__be32 frag_id = 0;
> @@ -584,6 +585,10 @@ int ip6_fragment(struct sock *sk, struct sk_buff *skb,
>  	}
>  	mtu -= hlen + sizeof(struct frag_hdr);
>  
> +	ipv6_select_ident(net, &tmp_fh, &ipv6_hdr(skb)->daddr,
> +			  &ipv6_hdr(skb)->saddr);
> +	frag_id = tmp_fh.identification;
> +
>  	if (skb_has_frag_list(skb)) {
>  		int first_len = skb_pagelen(skb);
>  		struct sk_buff *frag2;

Let's see if we can avoid putting a tmp frag_hdr on the stack.

> @@ -632,11 +637,10 @@ int ip6_fragment(struct sock *sk, struct sk_buff *skb,
>  		skb_reset_network_header(skb);
>  		memcpy(skb_network_header(skb), tmp_hdr, hlen);
>  
> -		ipv6_select_ident(net, fh, rt);
>  		fh->nexthdr = nexthdr;
>  		fh->reserved = 0;
>  		fh->frag_off = htons(IP6_MF);
> -		frag_id = fh->identification;
> +		fh->identification = frag_id;
>  
>  		first_len = skb_pagelen(skb);
>  		skb->data_len = first_len - skb_headlen(skb);

Look, just make ipv6_select_ident() return the 'id', and therefore have no
dependency upon the frag_hdr being available.

ip6_ufo_append_data() has the same silly problem and would benefit from
such a change as well.

The call sites that actually have the frag header available then just go:

	fh->identification = ipv6_select_ident(net, rt);


Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ