Open Source and information security mailing list archives
Message-ID: <55B68CE2.10008@6wind.com>
Date:	Mon, 27 Jul 2015 21:56:18 +0200
From:	Nicolas Dichtel <nicolas.dichtel@...nd.com>
To:	Eric Dumazet <eric.dumazet@...il.com>,
	Alexei Starovoitov <alexei.starovoitov@...il.com>
CC:	davem@...emloft.net, netdev@...r.kernel.org,
	roopa@...ulusnetworks.com, tgraf@...g.ch
Subject: Re: [PATCH net-next v2] route: allow to route in a peer netns via
 lwt framework

On 24/07/2015 17:39, Eric Dumazet wrote:
>
> On Fri, 2015-07-24 at 16:16 +0200, Nicolas Dichtel wrote:
>> This patch takes advantage of the newly added lwtunnel framework to
>> allow the user to set routes that point to a peer netns.
>>
>> Packets are injected to the peer netns via the loopback device. It works
>> only when the output device is 'lo'.
>>
>> Example:
>> ip route add 40.1.1.1/32 encap netns nsid 5 via dev lo
>>
>
> Is this feature so badly wanted to add complexity on lo device ?
>
The goal is to be scalable when the number of netns is high (10k or more).
With this patch, we can save two interfaces (veth) per netns, which helps to
reduce memory consumption and the time needed to create a netns.

[snip]
>> +	if (nsid != NETNSA_NSID_NOT_ASSIGNED) {
>> +		peernet = get_net_ns_by_id(dev_net(dev), nsid);
>> +		if (!peernet) {
>> +			kfree_skb(skb);
>> +			goto end;
>> +		}
>> +
>> +		/* it's OK to use per_cpu_ptr() because BHs are off */
>> +		lb_stats = this_cpu_ptr(peernet->loopback_dev->lstats);
>> +		ret = dev_forward_skb(peernet->loopback_dev, skb);
>> +	} else {
>> +		skb_orphan(skb);
>>
>> -	/* it's OK to use per_cpu_ptr() because BHs are off */
>> -	lb_stats = this_cpu_ptr(dev->lstats);
>> +		skb->protocol = eth_type_trans(skb, dev);
>> +
>> +		/* it's OK to use per_cpu_ptr() because BHs are off */
>> +		lb_stats = this_cpu_ptr(dev->lstats);
>> +		ret = netif_rx(skb);
>> +	}
>>
>>   	len = skb->len;
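
Review bot: `len = skb->len;` on the last context line now executes after `dev_forward_skb()` (nsid branch) or `netif_rx()` (else branch) has taken ownership of the skb, so the read can touch memory that has already been freed or queued to another context. Capture the length before the hand-off in both branches, for example by moving `len = skb->len;` above the `if (nsid != NETNSA_NSID_NOT_ASSIGNED)` test, and use only the saved value for the stats update. Separately, `get_net_ns_by_id()` returns a reference on `peernet`, and none of the visible lines releases it with `put_net()`, either on the success path or after `dev_forward_skb()`; if that is not handled in the snipped part, it needs to be added. The comment also says `per_cpu_ptr()` while the code calls `this_cpu_ptr()`; since both copies of the comment are touched here, it would be a good moment to make them match the code.
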
>
> <use after free error>  At this point you no longer can access skb
Right, will fix it.