lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Feb 2016 09:28:05 -0700 From: David Ahern <dsa@...ulusnetworks.com> To: "Jason A. Donenfeld" <Jason@...c4.com>, Netdev <netdev@...r.kernel.org>, David Miller <davem@...emloft.net>, "Eric W. Biederman" <ebiederm@...ssion.com> Subject: Re: [RFC] Inverse of flowi{4,6}_oif: flowi{4,6}_not_oif On 2/3/16 7:27 AM, Jason A. Donenfeld wrote: > FYI, for v4 at least, it's ridiculously easy and simple to implement: > > =~=~=~=~=~=~=~=~= > > diff --git a/include/net/flow.h b/include/net/flow.h > index 83969ee..29967ad 100644 > --- a/include/net/flow.h > +++ b/include/net/flow.h > @@ -26,6 +26,7 @@ struct flowi_tunnel { > > struct flowi_common { > int flowic_oif; > + int flowic_not_oif; > int flowic_iif; > __u32 flowic_mark; > __u8 flowic_tos; I was going to suggest a flag: @@ -36,6 +36,7 @@ struct flowi_common { #define FLOWI_FLAG_KNOWN_NH 0x02 #define FLOWI_FLAG_L3MDEV_SRC 0x04 #define FLOWI_FLAG_SKIP_NH_OIF 0x08 +#define FLOWI_FLAG_NOT_OIF 0x10 __u32 flowic_secid; struct flowi_tunnel flowic_tun_key; }; but there are a number of oif checks that would have to be enhanced with the flag check. Adding a flowic_not_oif member is certainly simpler and there is a 4-byte hole in the struct. > @@ -67,6 +68,7 @@ union flowi_uli { > struct flowi4 { > struct flowi_common __fl_common; > #define flowi4_oif __fl_common.flowic_oif > +#define flowi4_not_oif __fl_common.flowic_not_oif > #define flowi4_iif __fl_common.flowic_iif > #define flowi4_mark __fl_common.flowic_mark > #define flowi4_tos __fl_common.flowic_tos > diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c > index 7aea0cc..d03e991 100644 > --- a/net/ipv4/fib_trie.c > +++ b/net/ipv4/fib_trie.c > @@ -1429,6 +1429,8 @@ found: > flp->flowi4_oif != nh->nh_oif) > continue; > } > + if (flp->flowi4_not_oif && flp->flowi4_not_oif == nh->nh_oif) > + continue; > > if (!(fib_flags & FIB_LOOKUP_NOREF)) > atomic_inc(&fi->fib_clntref); > For IPv6 start with ip6_pol_route_lookup and modifying rt6_device_match
Powered by blists - more mailing lists