lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1458050611.2871.11.camel@sipsolutions.net>
Date:	Tue, 15 Mar 2016 15:03:31 +0100
From:	Johannes Berg <johannes@...solutions.net>
To:	Sabrina Dubroca <sd@...asysnail.net>, netdev@...r.kernel.org
Cc:	Hannes Frederic Sowa <hannes@...essinduktion.org>,
	Florian Westphal <fw@...len.de>,
	Paolo Abeni <pabeni@...hat.com>, stephen@...workplumber.org
Subject: Re: [PATCH net-next v2 3/3] macsec: introduce IEEE 802.1AE driver

Hi,

> +struct macsec_rx_sa_stats {
> +	__u32 InPktsOK;
> +	__u32 InPktsInvalid;
> +	__u32 InPktsNotValid;
> +	__u32 InPktsNotUsingSA;
> +	__u32 InPktsUnusedSA;
> +};
> +
> +struct macsec_tx_sa_stats {
> +	__u32 OutPktsProtected;
> +	__u32 OutPktsEncrypted;
> +};

Just noticed this: is there a particular reason for using only __u32
here? The others all seem to use __u64.

> +static int macsec_dump_txsc(struct sk_buff *skb, struct
> netlink_callback *cb)
> +{
> +	struct net *net = sock_net(skb->sk);
> +	struct net_device *dev;
> +	int dev_idx, d;
> +
> +	dev_idx = cb->args[0];
> +
> +	d = 0;
> +	for_each_netdev(net, dev) {
> +		struct macsec_secy *secy;
> +
> +		if (d < dev_idx)
> +			goto next;
> +
> +		if (!netif_is_macsec(dev))
> +			goto next;
> +
> +		secy = &macsec_priv(dev)->secy;
> +		if (dump_secy(secy, dev, skb, cb) < 0)
> +			goto done;
> +next:
> +		d++;
> +	}
> +
> +done:
> +	cb->args[0] = d;
> +	return skb->len;
> +}

Maybe you should consider adding genl_dump_check_consistent() support
here, so userspace can figure out if the dump was really consistent, if
necessary.

To do this, you have to keep a global generation counter that changes
whenever this list changes (adding/removing macsec interfaces, I think)
and then set

	cb->seq = macsec_generation_counter;

at the beginning of this function, and call
genl_dump_check_consistent() for each message in the loop.

Btw, aren't you missing locking here for for_each_netdev()?

johannes

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ