lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAOrHB_Dffj93ED0u+RQ89SneRn5YRGFB9piYYiTDFJ43ZGDpNQ@mail.gmail.com>
Date:	Fri, 22 Apr 2016 14:04:48 -0700
From:	pravin shelar <pshelar@....org>
To:	Jiri Benc <jbenc@...hat.com>
Cc:	Linux Kernel Network Developers <netdev@...r.kernel.org>,
	Pravin B Shelar <pshelar@...ira.com>,
	Thomas Graf <tgraf@...g.ch>,
	Simon Horman <simon.horman@...ronome.com>
Subject: Re: [PATCH net 1/3] gre: do not assign header_ops in collect metadata mode

On Fri, Apr 22, 2016 at 10:44 AM, Jiri Benc <jbenc@...hat.com> wrote:
> In ipgre mode (i.e. not gretap) with collect metadata flag set, the tunnel
> is incorrectly assumed to be mGRE in NBMA mode (see commit 6a5f44d7a048c).
> This is not the case, we're controlling the encapsulation addresses by
> lwtunnel metadata. And anyway, assigning dev->header_ops in collect metadata
> mode does not make sense.
>
> Fixes: 2e15ea390e6f4 ("ip_gre: Add support to collect tunnel metadata.")
> Signed-off-by: Jiri Benc <jbenc@...hat.com>
> ---
>  net/ipv4/ip_gre.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
> index af5d1f38217f..d0abde4236af 100644
> --- a/net/ipv4/ip_gre.c
> +++ b/net/ipv4/ip_gre.c
> @@ -893,7 +893,7 @@ static int ipgre_tunnel_init(struct net_device *dev)
>         netif_keep_dst(dev);
>         dev->addr_len           = 4;
>
> -       if (iph->daddr) {
> +       if (iph->daddr && !tunnel->collect_md) {
>  #ifdef CONFIG_NET_IPGRE_BROADCAST
>                 if (ipv4_is_multicast(iph->daddr)) {
>                         if (!iph->saddr)
> @@ -902,8 +902,9 @@ static int ipgre_tunnel_init(struct net_device *dev)
>                         dev->header_ops = &ipgre_header_ops;
>                 }
>  #endif

I think we should we return error in case of such configuration rather
than silently ignoring it.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ