Open Source and information security mailing list archives
 
Message-Id: <1455305133-23285-1-git-send-email-simon.horman@netronome.com>
Date:	Fri, 12 Feb 2016 20:25:33 +0100
From:	Simon Horman <simon.horman@...ronome.com>
To:	netdev@...r.kernel.org
Cc:	dev@...nvswitch.org, Pravin Shelar <pshelar@...ira.com>,
	Simon Horman <simon.horman@...ronome.com>
Subject: [PATCH/RFC] openvswitch: loosen restriction of output of MPLS to tunnel vports

If an skb was not MPLS initially then it may be GSO and in that case if it
became MPLS then GSO can't be performed because both MPLS and tunnels make
use of the inner_protocol field of struct skbuff in order to allow GSO to
be performed in the inner packet.

On the other hand if an skb was MPLS initially then it will not be GSO,
as there is no support for GRO for MPLS. Thus in this case it is safe
to allow output of MPLS on tunnel vports.

Signed-off-by: Simon Horman <simon.horman@...ronome.com>
---
 net/openvswitch/flow_netlink.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
index d1bd4a45ca2d..a574796f35d2 100644
--- a/net/openvswitch/flow_netlink.c
+++ b/net/openvswitch/flow_netlink.c
@@ -2038,7 +2038,13 @@ static int validate_set(const struct nlattr *a,
 		break;
 
 	case OVS_KEY_ATTR_TUNNEL:
-		if (eth_p_mpls(eth_type))
+		/* If an skb was not MPLS initially then it may be GSO
+		 * and in that case if it became MPLS then GSO can't be
+		 * performed because both MPLS and tunnels make use
+		 * of the inner_protocol field of struct skbuff in order
+		 * to allow GSO to be performed in the inner packet.
+		 */
+		if (!eth_p_mpls(flow_key->eth.type) && eth_p_mpls(eth_type))
 			return -EINVAL;
 
 		if (masked)
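Review bot: In the OVS_KEY_ATTR_TUNNEL case, the new comment explains only why the non-MPLS to MPLS transition is rejected; it does not say why the case now allowed (flow_key->eth.type already MPLS) is safe. The commit message gives that reason (an skb that was MPLS initially will not be GSO, as there is no GRO support for MPLS), and it belongs in the comment as well, since it is the assumption this check stops being valid under if MPLS GRO is ever added. The comment also writes "struct skbuff" where the structure is struct sk_buff. Separately, the condition "!eth_p_mpls(flow_key->eth.type) && eth_p_mpls(eth_type)" treats the flow key's ethertype as the packet's original type; please state in the comment or the commit message whether that holds when the flow does not match eth.type exactly.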
-- 
2.7.0.rc3.207.g0ac5344
