lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 17 Jul 2015 23:25:21 +0300 (EEST)
From:	Julian Anastasov <ja@....bg>
To:	Thomas Graf <tgraf@...g.ch>
cc:	roopa@...ulusnetworks.com, rshearma@...cade.com,
	ebiederm@...ssion.com, hannes@...essinduktion.org,
	pshelar@...ira.com, jesse@...ira.com, davem@...emloft.net,
	daniel@...earbox.net, tom@...bertland.com, edumazet@...gle.com,
	jiri@...nulli.us, marcelo.leitner@...il.com,
	stephen@...workplumber.org, jpettit@...ira.com, kaber@...sh.net,
	simon.horman@...ronome.com, joestringer@...ira.com,
	ast@...mgrid.com, weichunc@...mgrid.com, netdev@...r.kernel.org,
	dev@...nvswitch.org
Subject: Re: [PATCH net-next 15/22] route: Extend flow representation with
 tunnel key


	Hello,

On Fri, 17 Jul 2015, Thomas Graf wrote:

> Add a new flowi_tunnel structure which is a subset of ip_tunnel_key to
> allow routes to match on tunnel metadata. For now, the tunnel id is
> added to flowi_tunnel which allows for routes to be bound to specific
> virtual tunnels.
> 
> Signed-off-by: Thomas Graf <tgraf@...g.ch>
> ---

> +struct flowi_tunnel {
> +	__be64			tun_id;
> +};
> +
>  struct flowi_common {
>  	int	flowic_oif;
>  	int	flowic_iif;
> @@ -30,6 +34,7 @@ struct flowi_common {
>  #define FLOWI_FLAG_ANYSRC		0x01
>  #define FLOWI_FLAG_KNOWN_NH		0x02
>  	__u32	flowic_secid;
> +	struct flowi_tunnel flowic_tun_key;

	New input key for fib rules? It should be initialized
at some places, we should not provide random values:

- flowi4_init_output

- fib_compute_spec_dst

- __fib_validate_source

- ip_route_input_slow: with 0 if no tun_info, like below

>  };
>  
>  union flowi_uli {
> @@ -66,6 +71,7 @@ struct flowi4 {
>  #define flowi4_proto		__fl_common.flowic_proto
>  #define flowi4_flags		__fl_common.flowic_flags
>  #define flowi4_secid		__fl_common.flowic_secid
> +#define flowi4_tun_key		__fl_common.flowic_tun_key

> @@ -1690,6 +1693,9 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
>  	   by fib_lookup.
>  	 */
>  
> +	tun_info = skb_tunnel_info(skb);
> +	if (tun_info && tun_info->mode == IP_TUNNEL_INFO_RX)
> +		fl4.flowi4_tun_key.tun_id = tun_info->key.tun_id;

	else
		fl4.flowi4_tun_key.tun_id = 0;

>  	skb_dst_drop(skb);
>  
>  	if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
> -- 
> 2.4.3

Regards

--
Julian Anastasov <ja@....bg>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists