lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 24 Feb 2016 10:14:05 -0800
From:	Tom Herbert <tom@...bertland.com>
To:	Alexander Duyck <aduyck@...antis.com>
Cc:	Linux Kernel Network Developers <netdev@...r.kernel.org>,
	"David S. Miller" <davem@...emloft.net>,
	Alexander Duyck <alexander.duyck@...il.com>
Subject: Re: [net-next PATCH 1/5] flow_dissector: Check for IP fragmentation
 even if not using IPv4 address

On Wed, Feb 24, 2016 at 9:29 AM, Alexander Duyck <aduyck@...antis.com> wrote:
> This patch corrects the logic for the IPv4 parsing so that it is consistent
> with how we handle IPv6.  Specifically if we do not have the flow key
> indicating we want the addresses we still may need to take a look at the IP
> fragmentation bits and to see if we should stop after we have recognized
> the L3 header.
>
> Fixes: 807e165dc44f ("flow_dissector: Add control/reporting of fragmentation")
> Signed-off-by: Alexander Duyck <aduyck@...antis.com>

Acked-by: Tom Herbert <tom@...bertland.com>

> ---
>  net/core/flow_dissector.c |   17 +++++++++--------
>  1 file changed, 9 insertions(+), 8 deletions(-)
>
> diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
> index 12e700332010..1f88f8280280 100644
> --- a/net/core/flow_dissector.c
> +++ b/net/core/flow_dissector.c
> @@ -178,15 +178,16 @@ ip:
>
>                 ip_proto = iph->protocol;
>
> -               if (!dissector_uses_key(flow_dissector,
> -                                       FLOW_DISSECTOR_KEY_IPV4_ADDRS))
> -                       break;
> +               if (dissector_uses_key(flow_dissector,
> +                                      FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
> +                       key_addrs = skb_flow_dissector_target(flow_dissector,
> +                                                             FLOW_DISSECTOR_KEY_IPV4_ADDRS,
> +                                                             target_container);
>
> -               key_addrs = skb_flow_dissector_target(flow_dissector,
> -                             FLOW_DISSECTOR_KEY_IPV4_ADDRS, target_container);
> -               memcpy(&key_addrs->v4addrs, &iph->saddr,
> -                      sizeof(key_addrs->v4addrs));
> -               key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
> +                       memcpy(&key_addrs->v4addrs, &iph->saddr,
> +                              sizeof(key_addrs->v4addrs));
> +                       key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
> +               }
>
>                 if (ip_is_fragment(iph)) {
>                         key_control->flags |= FLOW_DIS_IS_FRAGMENT;
>

Powered by blists - more mailing lists