lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1457560215-13395-1-git-send-email-mahesh@bandewar.net>
Date:	Wed,  9 Mar 2016 13:50:15 -0800
From:	Mahesh Bandewar <mahesh@...dewar.net>
To:	David Miller <davem@...emloft.net>
Cc:	Mahesh Bandewar <maheshb@...gle.com>,
	Eric Dumazet <edumazet@...gle.com>,
	netdev <netdev@...r.kernel.org>, Tim Hockin <thockin@...gle.com>,
	Alex Pollitt <alex.pollitt@...aswitch.com>,
	Matthew Dupre <matthew.dupre@...aswitch.com>
Subject: [PATCH next v2 7/7] ipvlan: Implement L3-symmetric mode.

From: Mahesh Bandewar <maheshb@...gle.com>

Current packet processing from IPtables perspective is asymmetric
for IPvlan L3 mode. On egress path, packets hit LOCAL_OUT and
POST_ROUTING hooks in slave-ns as well as master's ns however
during ingress path, LOCAL_IN and PRE_ROUTING hooks are hit only
in slave's ns. L3 mode is restrictive and uses master's L3 for
packet processing, so it does not make sense to skip these hooks
in ingress path in master's ns.

The changes in this patch nominates master-dev to be the device
for L3 ingress processing when skb device is the IPvlan slave.
Since master device is used for L3 processing, the IPT hooks are
hit in master's ns making the packet processing symmetric.

The other minor change this patch does is to add a force parameter
for set_port_mode() to ensure correct settings are set during the
device initialization phase.

Signed-off-by: Mahesh Bandewar <maheshb@...gle.com>
CC: Eric Dumazet <edumazet@...gle.com>
CC: Tim Hockin <thockin@...gle.com>
CC: Alex Pollitt <alex.pollitt@...aswitch.com>
CC: Matthew Dupre <matthew.dupre@...aswitch.com>
---
 drivers/net/ipvlan/ipvlan_main.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_main.c
index 5802b9025765..734c25e52c60 100644
--- a/drivers/net/ipvlan/ipvlan_main.c
+++ b/drivers/net/ipvlan/ipvlan_main.c
@@ -14,16 +14,19 @@ static void ipvlan_adjust_mtu(struct ipvl_dev *ipvlan, struct net_device *dev)
 	ipvlan->dev->mtu = dev->mtu - ipvlan->mtu_adj;
 }
 
-static void ipvlan_set_port_mode(struct ipvl_port *port, u16 nval)
+static void ipvlan_set_port_mode(struct ipvl_port *port, u16 nval, bool force)
 {
 	struct ipvl_dev *ipvlan;
 
-	if (port->mode != nval) {
+	if (port->mode != nval || force) {
 		list_for_each_entry(ipvlan, &port->ipvlans, pnode) {
-			if (nval == IPVLAN_MODE_L3)
+			if (nval == IPVLAN_MODE_L3) {
 				ipvlan->dev->flags |= IFF_NOARP;
-			else
+				ipvlan->dev->l3_dev = port->dev;
+			} else {
 				ipvlan->dev->flags &= ~IFF_NOARP;
+				ipvlan->dev->l3_dev = ipvlan->dev;
+			}
 		}
 		port->mode = nval;
 	}
@@ -392,7 +395,7 @@ static int ipvlan_nl_changelink(struct net_device *dev,
 	if (data && data[IFLA_IPVLAN_MODE]) {
 		u16 nmode = nla_get_u16(data[IFLA_IPVLAN_MODE]);
 
-		ipvlan_set_port_mode(port, nmode);
+		ipvlan_set_port_mode(port, nmode, false);
 	}
 	return 0;
 }
@@ -479,7 +482,6 @@ static int ipvlan_link_new(struct net *src_net, struct net_device *dev,
 	memcpy(dev->dev_addr, phy_dev->dev_addr, ETH_ALEN);
 
 	dev->priv_flags |= IFF_IPVLAN_SLAVE;
-
 	port->count += 1;
 	err = register_netdevice(dev);
 	if (err < 0)
@@ -490,7 +492,7 @@ static int ipvlan_link_new(struct net *src_net, struct net_device *dev,
 		goto ipvlan_destroy_port;
 
 	list_add_tail_rcu(&ipvlan->pnode, &port->ipvlans);
-	ipvlan_set_port_mode(port, mode);
+	ipvlan_set_port_mode(port, mode, true);
 
 	netif_stacked_transfer_operstate(phy_dev, dev);
 	return 0;
-- 
2.7.0.rc3.207.g0ac5344

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ