| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALx6S3499MvvS2SsDQF-c+ymtekcp6TMbmBnp=n4kb5trtJU5Q@mail.gmail.com>
Date: Wed, 24 Feb 2016 10:14:05 -0800
From: Tom Herbert <tom@...bertland.com>
To: Alexander Duyck <aduyck@...antis.com>
Cc: Linux Kernel Network Developers <netdev@...r.kernel.org>,
"David S. Miller" <davem@...emloft.net>,
Alexander Duyck <alexander.duyck@...il.com>
Subject: Re: [net-next PATCH 1/5] flow_dissector: Check for IP fragmentation
even if not using IPv4 address
On Wed, Feb 24, 2016 at 9:29 AM, Alexander Duyck <aduyck@...antis.com> wrote:
> This patch corrects the logic for the IPv4 parsing so that it is consistent
> with how we handle IPv6. Specifically if we do not have the flow key
> indicating we want the addresses we still may need to take a look at the IP
> fragmentation bits and to see if we should stop after we have recognized
> the L3 header.
>
> Fixes: 807e165dc44f ("flow_dissector: Add control/reporting of fragmentation")
> Signed-off-by: Alexander Duyck <aduyck@...antis.com>
Acked-by: Tom Herbert <tom@...bertland.com>
> ---
> net/core/flow_dissector.c | 17 +++++++++--------
> 1 file changed, 9 insertions(+), 8 deletions(-)
>
> diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
> index 12e700332010..1f88f8280280 100644
> --- a/net/core/flow_dissector.c
> +++ b/net/core/flow_dissector.c
> @@ -178,15 +178,16 @@ ip:
>
> ip_proto = iph->protocol;
>
> - if (!dissector_uses_key(flow_dissector,
> - FLOW_DISSECTOR_KEY_IPV4_ADDRS))
> - break;
> + if (dissector_uses_key(flow_dissector,
> + FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
> + key_addrs = skb_flow_dissector_target(flow_dissector,
> + FLOW_DISSECTOR_KEY_IPV4_ADDRS,
> + target_container);
>
> - key_addrs = skb_flow_dissector_target(flow_dissector,
> - FLOW_DISSECTOR_KEY_IPV4_ADDRS, target_container);
> - memcpy(&key_addrs->v4addrs, &iph->saddr,
> - sizeof(key_addrs->v4addrs));
> - key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
> + memcpy(&key_addrs->v4addrs, &iph->saddr,
> + sizeof(key_addrs->v4addrs));
> + key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
> + }
>
> if (ip_is_fragment(iph)) {
> key_control->flags |= FLOW_DIS_IS_FRAGMENT;
>
Powered by blists - more mailing lists