lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <572E0178.4010601@cumulusnetworks.com>
Date:	Sat, 7 May 2016 08:53:44 -0600
From:	David Ahern <dsa@...ulusnetworks.com>
To:	Shmulik Ladkani <shmulik.ladkani@...il.com>
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCH net-next 2/2] net: original ingress device index in
 PKTINFO

On 5/7/16 2:41 AM, Shmulik Ladkani wrote:
> Hi David,
>
> On Fri,  6 May 2016 18:49:41 -0700 David Ahern <dsa@...ulusnetworks.com> wrote:
>> Applications such as OSPF and BFD need the original ingress device not
>> the VRF device;
>
> Would you consider this true for any IP_PKTINFO users in VRF setups?

yes. I was just giving specific examples, but certainly every app I am 
aware of wants the enslaved index. If an app pops up that wants the vrf 
index it can be derived from the enslaved index.

>
>> @@ -1193,7 +1193,12 @@ void ipv4_pktinfo_prepare(const struct sock *sk, struct sk_buff *skb)
>>   		       ipv6_sk_rxinfo(sk);
>>
>>   	if (prepare && skb_rtable(skb)) {
>> -		pktinfo->ipi_ifindex = inet_iif(skb);
>> +		/* skb->cb is overloaded: prior to this point it is IP{6}CB
>> +		 * which has interface index (iif) as the first member of the
>> +		 * underlying inet{6}_skb_parm struct. This code then overlays
>> +		 * PKTINFO_SKB_CB and in_pktinfo also has iif as the first
>> +		 * element so the iif is picked up from the prior IPCB
>> +		 */
>
> Better if there was a guarantee in the code that inet_skb_parm layout stays
> that way. Or instead just explicitly assign the iif.

At this point inet_iif points to the vrf device so can't use it.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ