Date:	Wed, 4 May 2016 14:23:07 +0200
From:	Stefan Schmidt <stefan@....samsung.com>
To:	Alexander Aring <aar@...gutronix.de>, linux-wpan@...r.kernel.org
Cc:	kernel@...gutronix.de, marcel@...tmann.org,
	jukka.rissanen@...ux.intel.com, hannes@...essinduktion.org,
	mcr@...delman.ca, werner@...esberger.net,
	linux-bluetooth@...r.kernel.org, netdev@...r.kernel.org,
	"David S . Miller" <davem@...emloft.net>,
	Alexey Kuznetsov <kuznet@....inr.ac.ru>,
	James Morris <jmorris@...ei.org>,
	Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
	Patrick McHardy <kaber@...sh.net>
Subject: Re: [PATCHv2 bluetooth-next 07/10] ipv6: introduce neighbour
 discovery ops

Hello.

On 20/04/16 10:19, Alexander Aring wrote:
> This patch introduces neighbour discovery ops callback structure. The
> structure contains at first receive and transmit handling for NS/NA and
> userspace option field functionality.
>
> These callback offers 6lowpan different handling, such as 802.15.4 short
> address handling or RFC6775 (Neighbor Discovery Optimization for IPv6 over
> 6LoWPANs).
>
> Cc: David S. Miller<davem@...emloft.net>
> Cc: Alexey Kuznetsov<kuznet@....inr.ac.ru>
> Cc: James Morris<jmorris@...ei.org>
> Cc: Hideaki YOSHIFUJI<yoshfuji@...ux-ipv6.org>
> Cc: Patrick McHardy<kaber@...sh.net>
> Signed-off-by: Alexander Aring<aar@...gutronix.de>
> ---
>   include/linux/netdevice.h |  3 ++
>   include/net/ndisc.h       | 96 +++++++++++++++++++++++++++++++++++++++++++----
>   net/ipv6/addrconf.c       |  1 +
>   net/ipv6/ndisc.c          | 71 ++++++++++++++++++++++++-----------
>   net/ipv6/route.c          |  2 +-
>   5 files changed, 144 insertions(+), 29 deletions(-)
>
> diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
> index 0052c42..bc60033 100644
> --- a/include/linux/netdevice.h
> +++ b/include/linux/netdevice.h
> @@ -1677,6 +1677,9 @@ struct net_device {
>   #ifdef CONFIG_NET_L3_MASTER_DEV
>   	const struct l3mdev_ops	*l3mdev_ops;
>   #endif
> +#if IS_ENABLED(CONFIG_IPV6)
> +	const struct ndisc_ops *ndisc_ops;
> +#endif
>   
>   	const struct header_ops *header_ops;
>   
> diff --git a/include/net/ndisc.h b/include/net/ndisc.h
> index aac868e..14ed016 100644
> --- a/include/net/ndisc.h
> +++ b/include/net/ndisc.h
> @@ -110,7 +110,8 @@ struct ndisc_options {
>   
>   #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
>   
> -struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
> +struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
> +					  u8 *opt, int opt_len,
>   					  struct ndisc_options *ndopts);
>   
>   /*
> @@ -173,6 +174,93 @@ static inline struct neighbour *__ipv6_neigh_lookup(struct net_device *dev, cons
>   	return n;
>   }
>   
> +static inline int __ip6_ndisc_is_useropt(struct nd_opt_hdr *opt)

Name it __ipv6... instead of __ip6...?
> +{
> +	return opt->nd_opt_type == ND_OPT_RDNSS ||
> +		opt->nd_opt_type == ND_OPT_DNSSL;
> +}
> +
> +#if IS_ENABLED(CONFIG_IPV6)
> +struct ndisc_ops {
> +	int	(*is_useropt)(struct nd_opt_hdr *opt);
> +	void	(*send_na)(struct net_device *dev,
> +			   const struct in6_addr *daddr,
> +			   const struct in6_addr *solicited_addr,
> +			   bool router, bool solicited,
> +			   bool override, bool inc_opt);
> +	void	(*recv_na)(struct sk_buff *skb);
> +	void	(*send_ns)(struct net_device *dev,
> +			   const struct in6_addr *solicit,
> +			   const struct in6_addr *daddr,
> +			   const struct in6_addr *saddr);
> +	void	(*recv_ns)(struct sk_buff *skb);
> +};
> +
> +static inline int ndisc_is_useropt(const struct net_device *dev,
> +				   struct nd_opt_hdr *opt)
> +{
> +	if (likely(dev->ndisc_ops->is_useropt))
> +		return dev->ndisc_ops->is_useropt(opt);
> +	else
> +		return 0;
> +}
> +
> +static inline void ndisc_send_na(struct net_device *dev,
> +				 const struct in6_addr *daddr,
> +				 const struct in6_addr *solicited_addr,
> +				 bool router, bool solicited, bool override,
> +				 bool inc_opt)
> +{
> +	if (likely(dev->ndisc_ops->send_na))
> +		dev->ndisc_ops->send_na(dev, daddr, solicited_addr, router,
> +					solicited, override, inc_opt);
> +}
> +
> +static inline void ndisc_recv_na(struct sk_buff *skb)
> +{
> +	if (likely(skb->dev->ndisc_ops->recv_na))
> +		skb->dev->ndisc_ops->recv_na(skb);
> +}
> +
> +static inline void ndisc_send_ns(struct net_device *dev,
> +				 const struct in6_addr *solicit,
> +				 const struct in6_addr *daddr,
> +				 const struct in6_addr *saddr)
> +{
> +	if (likely(dev->ndisc_ops->send_ns))
> +		dev->ndisc_ops->send_ns(dev, solicit, daddr, saddr);
> +}
> +
> +static inline void ndisc_recv_ns(struct sk_buff *skb)
> +{
> +	if (likely(skb->dev->ndisc_ops->recv_ns))
> +		skb->dev->ndisc_ops->recv_ns(skb);
> +}
> +#else
> +static inline int ndisc_is_useropt(const struct net_device *dev,
> +				   struct nd_opt_hdr *opt)
> +{
> +	return 0;
> +}
> +
> +static inline void ndisc_send_na(struct net_device *dev,
> +				 const struct in6_addr *daddr,
> +				 const struct in6_addr *solicited_addr,
> +				 bool router, bool solicited, bool override,
> +				 bool inc_opt) { }
> +
> +static inline void ndisc_recv_na(struct sk_buff *skb) { }
> +
> +static inline void ndisc_send_ns(struct net_device *dev,
> +				 const struct in6_addr *solicit,
> +				 const struct in6_addr *daddr,
> +				 const struct in6_addr *saddr) { }
> +
> +static inline void ndisc_recv_ns(struct sk_buff *skb) { }
> +#endif
> +
> +void ip6_register_ndisc_ops(struct net_device *dev);
> +
>   int ndisc_init(void);
>   int ndisc_late_init(void);
>   
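Review bot: The new inline wrappers test only the member pointer, e.g. `if (likely(dev->ndisc_ops->send_na))`, so a device whose `ndisc_ops` was never assigned is dereferenced as NULL in the NS/NA send and receive paths and in option parsing. The only assignment visible in this patch is the `ip6_register_ndisc_ops(dev)` call in `addrconf_notify()`, inside the branch that has just created the inet6_dev; whether every other path that creates one also sets the pointer cannot be confirmed from these hunks. Either guard the table pointer as well, `if (likely(dev->ndisc_ops && dev->ndisc_ops->send_na))` (same for `is_useropt`, `recv_na`, `send_ns`, `recv_ns`), or assign the ops where the inet6_dev is created so the invariant holds by construction.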
> @@ -181,14 +269,8 @@ void ndisc_cleanup(void);
>   
>   int ndisc_rcv(struct sk_buff *skb);
>   
> -void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
> -		   const struct in6_addr *daddr, const struct in6_addr *saddr);
> -
>   void ndisc_send_rs(struct net_device *dev,
>   		   const struct in6_addr *saddr, const struct in6_addr *daddr);
> -void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
> -		   const struct in6_addr *solicited_addr,
> -		   bool router, bool solicited, bool override, bool inc_opt);
>   
>   void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target);
>   
> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
> index 54e18c2..a2ef04b 100644
> --- a/net/ipv6/addrconf.c
> +++ b/net/ipv6/addrconf.c
> @@ -3266,6 +3266,7 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
>   			idev = ipv6_add_dev(dev);
>   			if (IS_ERR(idev))
>   				return notifier_from_errno(PTR_ERR(idev));
> +			ip6_register_ndisc_ops(dev);
>   		}
>   		break;
>   
> diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
> index 176c7c4..297080a 100644
> --- a/net/ipv6/ndisc.c
> +++ b/net/ipv6/ndisc.c
> @@ -185,24 +185,25 @@ static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
>   	return cur <= end && cur->nd_opt_type == type ? cur : NULL;
>   }
>   
> -static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
> +static inline int ip6_ndisc_is_useropt(struct nd_opt_hdr *opt)
>   {
> -	return opt->nd_opt_type == ND_OPT_RDNSS ||
> -		opt->nd_opt_type == ND_OPT_DNSSL;
> +	return __ip6_ndisc_is_useropt(opt);

Why put this check into a different function? It looks like an unnecessary
indirection.
>   }
>   
> -static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
> +static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
> +					     struct nd_opt_hdr *cur,
>   					     struct nd_opt_hdr *end)
>   {
>   	if (!cur || !end || cur >= end)
>   		return NULL;
>   	do {
>   		cur = ((void *)cur) + (cur->nd_opt_len << 3);
> -	} while (cur < end && !ndisc_is_useropt(cur));
> -	return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
> +	} while (cur < end && !ndisc_is_useropt(dev, cur));
> +	return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
>   }
>   
> -struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
> +struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
> +					  u8 *opt, int opt_len,
>   					  struct ndisc_options *ndopts)
>   {
>   	struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
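Review bot: `ndisc_next_useropt()` now hands each option header it walks to a per-device callback, but `is_useropt` takes only `struct nd_opt_hdr *opt` with no end pointer or remaining length, so an implementation that looks past the header has nothing to bound its reads on data that comes from the received packet. I would make the contract explicit at the member in `struct ndisc_ops` with a comment such as `/* may inspect only opt->nd_opt_type and opt->nd_opt_len */` and declare the parameter `const struct nd_opt_hdr *opt`. The body of `ndisc_parse_options()` continues outside this hunk, so whatever length validation it performs before these calls is not visible here.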
> @@ -243,7 +244,7 @@ struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
>   			break;
>   #endif
>   		default:
> -			if (ndisc_is_useropt(nd_opt)) {
> +			if (ndisc_is_useropt(dev, nd_opt)) {
>   				ndopts->nd_useropts_end = nd_opt;
>   				if (!ndopts->nd_useropts)
>   					ndopts->nd_useropts = nd_opt;
> @@ -479,9 +480,11 @@ static void ndisc_send_skb(struct sk_buff *skb,
>   	rcu_read_unlock();
>   }
>   
> -void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
> -		   const struct in6_addr *solicited_addr,
> -		   bool router, bool solicited, bool override, bool inc_opt)
> +static void ip6_ndisc_send_na(struct net_device *dev,
> +			      const struct in6_addr *daddr,
> +			      const struct in6_addr *solicited_addr,
> +			      bool router, bool solicited, bool override,
> +			      bool inc_opt)
>   {
>   	struct sk_buff *skb;
>   	struct in6_addr tmpaddr;
> @@ -555,8 +558,10 @@ static void ndisc_send_unsol_na(struct net_device *dev)
>   	in6_dev_put(idev);
>   }
>   
> -void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
> -		   const struct in6_addr *daddr, const struct in6_addr *saddr)
> +static void ip6_ndisc_send_ns(struct net_device *dev,
> +			      const struct in6_addr *solicit,
> +			      const struct in6_addr *daddr,
> +			      const struct in6_addr *saddr)
>   {
>   	struct sk_buff *skb;
>   	struct in6_addr addr_buf;
> @@ -702,7 +707,7 @@ static int pndisc_is_router(const void *pkey,
>   	return ret;
>   }
>   
> -static void ndisc_recv_ns(struct sk_buff *skb)
> +static void ip6_ndisc_recv_ns(struct sk_buff *skb)
>   {
>   	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
>   	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
> @@ -738,7 +743,7 @@ static void ndisc_recv_ns(struct sk_buff *skb)
>   		return;
>   	}
>   
> -	if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
> +	if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
>   		ND_PRINTK(2, warn, "NS: invalid ND options\n");
>   		return;
>   	}
> @@ -874,7 +879,7 @@ out:
>   		in6_dev_put(idev);
>   }
>   
> -static void ndisc_recv_na(struct sk_buff *skb)
> +static void ip6_ndisc_recv_na(struct sk_buff *skb)
>   {
>   	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
>   	struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
> @@ -912,7 +917,7 @@ static void ndisc_recv_na(struct sk_buff *skb)
>   	    idev->cnf.drop_unsolicited_na)
>   		return;
>   
> -	if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
> +	if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
>   		ND_PRINTK(2, warn, "NS: invalid ND option\n");
>   		return;
>   	}
> @@ -1019,7 +1024,7 @@ static void ndisc_recv_rs(struct sk_buff *skb)
>   		goto out;
>   
>   	/* Parse ND options */
> -	if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
> +	if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
>   		ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
>   		goto out;
>   	}
> @@ -1137,7 +1142,7 @@ static void ndisc_router_discovery(struct sk_buff *skb)
>   		return;
>   	}
>   
> -	if (!ndisc_parse_options(opt, optlen, &ndopts)) {
> +	if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
>   		ND_PRINTK(2, warn, "RA: invalid ND options\n");
>   		return;
>   	}
> @@ -1424,7 +1429,8 @@ skip_routeinfo:
>   		struct nd_opt_hdr *p;
>   		for (p = ndopts.nd_useropts;
>   		     p;
> -		     p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
> +		     p = ndisc_next_useropt(skb->dev, p,
> +					    ndopts.nd_useropts_end)) {
>   			ndisc_ra_useropt(skb, p);
>   		}
>   	}
> @@ -1462,7 +1468,7 @@ static void ndisc_redirect_rcv(struct sk_buff *skb)
>   		return;
>   	}
>   
> -	if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
> +	if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
>   		return;
>   
>   	if (!ndopts.nd_opts_rh) {
> @@ -1783,6 +1789,29 @@ int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *bu
>   
>   #endif
>   
> +static const struct ndisc_ops ip6_ndisc_ops = {
> +	.is_useropt = ip6_ndisc_is_useropt,
> +	.send_na = ip6_ndisc_send_na,
> +	.recv_na = ip6_ndisc_recv_na,
> +	.send_ns = ip6_ndisc_send_ns,
> +	.recv_ns = ip6_ndisc_recv_ns,

Here I would also think ipv6 as prefix would be nicer.

> +};
> +
> +void ip6_register_ndisc_ops(struct net_device *dev)
> +{
> +	switch (dev->type) {
> +	default:
> +		if (dev->ndisc_ops) {
> +			ND_PRINTK(2, warn,
> +				  "%s: ndisc_ops already defined for interface type=%d\n",
> +				  __func__, dev->type);
> +		} else {
> +			dev->ndisc_ops = &ip6_ndisc_ops;
> +		}
> +		break;
> +	}
> +}
> +
>   static int __net_init ndisc_net_init(struct net *net)
>   {
>   	struct ipv6_pinfo *np;
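Review bot: `ip6_register_ndisc_ops()` is a `switch` with only a `default:` label and no comment, so it is unclear who is expected to have set `dev->ndisc_ops` beforehand and why that case merely warns. If the intent is that link layers with their own neighbour discovery handling install their table first, say so above the function, e.g. `/* Install the IPv6 default ND ops unless the link layer already provided its own. */`. Nothing in the patch clears the pointer again, so if this runs a second time for the same device the warning branch is taken; if that is expected, the "already defined" message is misleading. `ndisc_net_init()` continues outside the hunk.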
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index cc180b3..5fa276d 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -2149,7 +2149,7 @@ static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_bu
>   	 *	first-hop router for the specified ICMP Destination Address.
>   	 */
>   
> -	if (!ndisc_parse_options(msg->opt, optlen, &ndopts)) {
> +	if (!ndisc_parse_options(skb->dev, msg->opt, optlen, &ndopts)) {
>   		net_dbg_ratelimited("rt6_redirect: invalid ND options\n");
>   		return;
>   	}

Reviewed-by: Stefan Schmidt<stefan@....samsung.com>

regards
Stefan Schmidt
