Message-ID: <20160307172214.5295.52624.stgit@localhost.localdomain>
Date:	Mon, 07 Mar 2016 09:22:14 -0800
From:	Alexander Duyck <aduyck@...antis.com>
To:	netdev@...r.kernel.org, davem@...emloft.net
Subject: [net-next PATCH 3/4] vxlan: Enforce IP ID verification on outer
 headers

This change enforces the IP ID verification on outer headers.  As a result
if the DF flag is not set on the outer header we will force the flow to be
flushed in the event that the IP ID is out of sequence with the existing
flow.

Signed-off-by: Alexander Duyck <aduyck@...antis.com>
---
 drivers/net/vxlan.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index 775ddb48388d..906587d1531a 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -591,8 +591,6 @@ static struct sk_buff **vxlan_gro_receive(struct sk_buff **head,
 
 	skb_gro_pull(skb, sizeof(struct vxlanhdr)); /* pull vxlan header */
 
-	flush = 0;
-
 	for (p = *head; p; p = p->next) {
 		if (!NAPI_GRO_CB(p)->same_flow)
 			continue;
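
Review bot: the removal of `flush = 0;` ahead of the `for (p = *head; p; p = p->next)` loop is not covered by the commit message, which only describes the IP ID verification. The assignment reappears after `eth_gro_receive()` further down, so please either explain the move in the changelog or split it into its own patch. That lets a reader confirm that no `goto out` between the old and new positions depended on flush already being cleared here.
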
@@ -603,10 +601,13 @@ static struct sk_buff **vxlan_gro_receive(struct sk_buff **head,
 			NAPI_GRO_CB(p)->same_flow = 0;
 			continue;
 		}
+
+		/* Include the IP ID check from the outer IP hdr */
+		NAPI_GRO_CB(p)->flush |= NAPI_GRO_CB(p)->flush_id;
 	}
 
 	pp = eth_gro_receive(head, skb);
-
+	flush = 0;
 out:
 	skb_gro_remcsum_cleanup(skb, &grc);
 	NAPI_GRO_CB(skb)->flush |= flush;
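
Review bot: the added `NAPI_GRO_CB(p)->flush |= NAPI_GRO_CB(p)->flush_id;` inside the loop ORs in flush_id unconditionally, while the commit message says the flush happens only when the DF flag is not set on the outer header. Nothing in this hunk tests DF, so the behaviour depends on how flush_id was populated before vxlan_gro_receive() runs. The comment above the line should state that assumption (for example, that flush_id is expected to be zero when DF is set) rather than only "Include the IP ID check from the outer IP hdr". Separately, the relocated `flush = 0;` now sits directly above the `out:` label with the blank line dropped; keeping a blank line before the label would make it clearer that jumps to `out` skip the assignment.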
