lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Feb 2016 10:14:05 -0800 From: Tom Herbert <tom@...bertland.com> To: Alexander Duyck <aduyck@...antis.com> Cc: Linux Kernel Network Developers <netdev@...r.kernel.org>, "David S. Miller" <davem@...emloft.net>, Alexander Duyck <alexander.duyck@...il.com> Subject: Re: [net-next PATCH 1/5] flow_dissector: Check for IP fragmentation even if not using IPv4 address On Wed, Feb 24, 2016 at 9:29 AM, Alexander Duyck <aduyck@...antis.com> wrote: > This patch corrects the logic for the IPv4 parsing so that it is consistent > with how we handle IPv6. Specifically if we do not have the flow key > indicating we want the addresses we still may need to take a look at the IP > fragmentation bits and to see if we should stop after we have recognized > the L3 header. > > Fixes: 807e165dc44f ("flow_dissector: Add control/reporting of fragmentation") > Signed-off-by: Alexander Duyck <aduyck@...antis.com> Acked-by: Tom Herbert <tom@...bertland.com> > --- > net/core/flow_dissector.c | 17 +++++++++-------- > 1 file changed, 9 insertions(+), 8 deletions(-) > > diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c > index 12e700332010..1f88f8280280 100644 > --- a/net/core/flow_dissector.c > +++ b/net/core/flow_dissector.c > @@ -178,15 +178,16 @@ ip: > > ip_proto = iph->protocol; > > - if (!dissector_uses_key(flow_dissector, > - FLOW_DISSECTOR_KEY_IPV4_ADDRS)) > - break; > + if (dissector_uses_key(flow_dissector, > + FLOW_DISSECTOR_KEY_IPV4_ADDRS)) { > + key_addrs = skb_flow_dissector_target(flow_dissector, > + FLOW_DISSECTOR_KEY_IPV4_ADDRS, > + target_container); > > - key_addrs = skb_flow_dissector_target(flow_dissector, > - FLOW_DISSECTOR_KEY_IPV4_ADDRS, target_container); > - memcpy(&key_addrs->v4addrs, &iph->saddr, > - sizeof(key_addrs->v4addrs)); > - key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; > + memcpy(&key_addrs->v4addrs, &iph->saddr, > + sizeof(key_addrs->v4addrs)); > + key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; > + } > > if (ip_is_fragment(iph)) { > key_control->flags |= FLOW_DIS_IS_FRAGMENT; >
Powered by blists - more mailing lists