Date:	Wed, 3 Feb 2016 09:28:05 -0700
From:	David Ahern <dsa@...ulusnetworks.com>
To:	"Jason A. Donenfeld" <Jason@...c4.com>,
	Netdev <netdev@...r.kernel.org>,
	David Miller <davem@...emloft.net>,
	"Eric W. Biederman" <ebiederm@...ssion.com>
Subject: Re: [RFC] Inverse of flowi{4,6}_oif: flowi{4,6}_not_oif

On 2/3/16 7:27 AM, Jason A. Donenfeld wrote:
> FYI, for v4 at least, it's ridiculously easy and simple to implement:
>
> =~=~=~=~=~=~=~=~=
>
> diff --git a/include/net/flow.h b/include/net/flow.h
> index 83969ee..29967ad 100644
> --- a/include/net/flow.h
> +++ b/include/net/flow.h
> @@ -26,6 +26,7 @@ struct flowi_tunnel {
>
>   struct flowi_common {
>    int flowic_oif;
> + int flowic_not_oif;
>    int flowic_iif;
>    __u32 flowic_mark;
>    __u8 flowic_tos;
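
Review bot: the new `int flowic_not_oif;` member in struct flowi_common carries no comment saying that 0 means "no interface excluded", which is what the fib_trie.c check later in this patch (`flp->flowi4_not_oif && ...`) relies on. Please document that sentinel next to the field, and confirm that every flowi initializer zeroes the struct so a stale value cannot silently exclude a valid nexthop.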

I was going to suggest a flag:

@@ -36,6 +36,7 @@ struct flowi_common {
  #define FLOWI_FLAG_KNOWN_NH            0x02
  #define FLOWI_FLAG_L3MDEV_SRC          0x04
  #define FLOWI_FLAG_SKIP_NH_OIF         0x08
+#define FLOWI_FLAG_NOT_OIF             0x10
         __u32   flowic_secid;
         struct flowi_tunnel flowic_tun_key;
  };
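
Review bot: `FLOWI_FLAG_NOT_OIF` would invert the meaning of the existing flowic_oif rather than add a second value, so a single lookup could not both require one interface and exclude another. If the flag variant is pursued, the define needs a comment stating that it changes how flowic_oif is interpreted, since nothing in the name of the field signals that.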


but there are a number of oif checks that would have to be enhanced with 
the flag check. Adding a flowic_not_oif member is certainly simpler and 
there is a 4-byte hole in the struct.

> @@ -67,6 +68,7 @@ union flowi_uli {
>   struct flowi4 {
>    struct flowi_common __fl_common;
>   #define flowi4_oif  __fl_common.flowic_oif
> +#define flowi4_not_oif  __fl_common.flowic_not_oif
>   #define flowi4_iif  __fl_common.flowic_iif
>   #define flowi4_mark  __fl_common.flowic_mark
>   #define flowi4_tos  __fl_common.flowic_tos
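
Review bot: only the `flowi4_not_oif` alias is added in this hunk; struct flowi6 gets no matching `flowi6_not_oif`, although the field lives in the shared flowi_common and the subject line covers both families. Either add the flowi6 alias together with the IPv6 lookup change, or state in the commit message that IPv6 lookups ignore the field for now.
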
> diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
> index 7aea0cc..d03e991 100644
> --- a/net/ipv4/fib_trie.c
> +++ b/net/ipv4/fib_trie.c
> @@ -1429,6 +1429,8 @@ found:
>           flp->flowi4_oif != nh->nh_oif)
>        continue;
>      }
> +   if (flp->flowi4_not_oif && flp->flowi4_not_oif == nh->nh_oif)
> +    continue;
>
>      if (!(fib_flags & FIB_LOOKUP_NOREF))
>       atomic_inc(&fi->fib_clntref);
>
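
Review bot: the added `flowi4_not_oif` test sits after the closing brace of the block that holds the existing `flp->flowi4_oif != nh->nh_oif` comparison, so whatever condition guards that comparison does not apply to the exclusion. If that is intended, a short comment should say so; otherwise move the test inside the block. Note also that a flow with oif and not_oif set to the same ifindex skips every nexthop here, which is worth rejecting or documenting.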

For IPv6, start with ip6_pol_route_lookup and modifying rt6_device_match.
