lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 1 Oct 2015 09:26:59 -0700
From:	Jesse Gross <jesse@...ira.com>
To:	"John W. Linville" <linville@...driver.com>
Cc:	netdev <netdev@...r.kernel.org>,
	Pravin B Shelar <pshelar@...ira.com>,
	Jiri Benc <jbenc@...hat.com>,
	David Miller <davem@...emloft.net>
Subject: Re: [RFT v3] geneve: implement support for IPv6-based tunnels

On Wed, Sep 30, 2015 at 11:34 AM, John W. Linville
<linville@...driver.com> wrote:
> diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
> index 8f5c02eed47d..291d3d7754a8 100644
> --- a/drivers/net/geneve.c
> +++ b/drivers/net/geneve.c
> +#define GENEVE_F_IPV6          0x00000001

I wasn't sure why we needed this flag. Can't we just look at the
remote address family?

> -static void geneve_sock_release(struct geneve_sock *gs)
> +static void __geneve_sock_release(struct geneve_sock *gs)
>  {
>         if (--gs->refcnt)
>                 return;

Do we need a check for NULL first here?

> +#if IS_ENABLED(CONFIG_IPV6)
> +static int geneve6_build_skb(struct dst_entry *dst, struct sk_buff *skb,
> +                            __be16 tun_flags, u8 vni[3], u8 opt_len, u8 *opt,
> +                            bool csum, bool xnet)
> +{
> +       struct genevehdr *gnvh;
> +       int min_headroom;
> +       int err;
> +
> +       skb_scrub_packet(skb, xnet);

Is there a reason why this applies to only IPv6? It seems like it
would be common

> +static struct dst_entry *geneve_get_dst(struct sk_buff *skb,

It might be worth clarifying this name - it wasn't immediately obvious
to me the difference between geneve_get_rt() and geneve_get_dst() is
IPv4 vs. IPv6.

> +#if IS_ENABLED(CONFIG_IPV6)
> +static netdev_tx_t geneve6_xmit_skb(struct sk_buff *skb, struct net_device *dev,
> +                                   struct ip_tunnel_info *info)
[...]
> +       dst = geneve_get_dst(skb, dev, &fl6, info);
> +       if (IS_ERR(dst)) {
> +               netdev_dbg(dev, "no route to %pI6\n", &fl6.daddr);
> +               dev->stats.tx_carrier_errors++;
> +               goto tx_error;
> +       }

It looks like we double log/count this error (although this also
appears to be a problem for IPv4).

> +       err = udp_tunnel6_xmit_skb(dst, gs6->sock->sk, skb, dev,
> +                                  &fl6.saddr, &fl6.daddr, 0, ttl,
> +                                  sport, geneve->dst_port, !udp_csum);

It seems like TOS is not handled here?

> @@ -823,9 +1095,11 @@ static int geneve_configure(struct net *net, struct net_device *dev,
>         int err;
>
>         if (metadata) {
> -               if (rem_addr || vni || tos || ttl)
> +               if (remote != &geneve_remote_unspec || vni || tos || ttl)
>                         return -EINVAL;

I think this will fail in the non-compat metadata case. The remote
that is passed in will be a zeroed copy on the stack, so the address
won't match the static version. I believe the check should be for
AF_UNSPEC instead.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ