| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Feb 2016 20:25:33 +0100 From: Simon Horman <simon.horman@...ronome.com> To: netdev@...r.kernel.org Cc: dev@...nvswitch.org, Pravin Shelar <pshelar@...ira.com>, Simon Horman <simon.horman@...ronome.com> Subject: [PATCH/RFC] openvswitch: loosen restriction of output of MPLS to tunnel vports If an skb was not MPLS initially then it may be GSO and in that case if it became MPLS then GSO can't be performed because both MPLS and tunnels make use of the inner_protocol field of struct skbuff in order to allow GSO to be performed in the inner packet. On the other hand if an skb was MPLS initially then it will not be GSO, as there is no support for GRO for MPLS. Thus in this case it is safe to allow output of MPLS on tunnel vports. Signed-off-by: Simon Horman <simon.horman@...ronome.com> --- net/openvswitch/flow_netlink.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c index d1bd4a45ca2d..a574796f35d2 100644 --- a/net/openvswitch/flow_netlink.c +++ b/net/openvswitch/flow_netlink.c @@ -2038,7 +2038,13 @@ static int validate_set(const struct nlattr *a, break; case OVS_KEY_ATTR_TUNNEL: - if (eth_p_mpls(eth_type)) + /* If an skb was not MPLS initially then it may be GSO + * and in that case if it became MPLS then GSO can't be + * performed because both MPLS and tunnels make use + * of the inner_protocol field of struct skbuff in order + * to allow GSO to be performed in the inner packet. + */ + if (!eth_p_mpls(flow_key->eth.type) && eth_p_mpls(eth_type)) return -EINVAL; if (masked) -- 2.7.0.rc3.207.g0ac5344
Powered by blists - more mailing lists