| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Oct 2016 11:04:46 -0700
From: Pravin Shelar <pshelar@....org>
To: Jiri Benc <jbenc@...hat.com>
Cc: Linux Kernel Network Developers <netdev@...r.kernel.org>,
David Ahern <dsa@...ulusnetworks.com>
Subject: Re: [PATCH net-next] openvswitch: correctly fragment packet with mpls headers
On Mon, Oct 3, 2016 at 9:33 AM, Jiri Benc <jbenc@...hat.com> wrote:
> If mpls headers were pushed to a defragmented packet, the refragmentation no
> longer works correctly after 48d2ab609b6b ("net: mpls: Fixups for GSO"). The
> network header has to be shifted after the mpls headers for the
> fragmentation and restored afterwards.
>
> Fixes: 48d2ab609b6b ("net: mpls: Fixups for GSO")
> Signed-off-by: Jiri Benc <jbenc@...hat.com>
> ---
> net/openvswitch/actions.c | 26 +++++++++++++++++++++-----
> 1 file changed, 21 insertions(+), 5 deletions(-)
>
> diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
> index 4e03f64709bc..370b2ba3df4c 100644
> --- a/net/openvswitch/actions.c
> +++ b/net/openvswitch/actions.c
> @@ -62,7 +62,8 @@ struct ovs_frag_data {
> struct vport *vport;
> struct ovs_skb_cb cb;
> __be16 inner_protocol;
> - __u16 vlan_tci;
> + u16 network_offset; /* valid only if inner_protocol is set */
> + u16 vlan_tci;
> __be16 vlan_proto;
> unsigned int l2_len;
> u8 l2_data[MAX_L2_LEN];
> @@ -656,7 +657,6 @@ static int ovs_vport_output(struct net *net, struct sock *sk, struct sk_buff *sk
>
> __skb_dst_copy(skb, data->dst);
> *OVS_CB(skb) = data->cb;
> - skb->inner_protocol = data->inner_protocol;
> skb->vlan_tci = data->vlan_tci;
> skb->vlan_proto = data->vlan_proto;
>
> @@ -666,6 +666,13 @@ static int ovs_vport_output(struct net *net, struct sock *sk, struct sk_buff *sk
> skb_postpush_rcsum(skb, skb->data, data->l2_len);
> skb_reset_mac_header(skb);
>
> + if (data->inner_protocol) {
> + skb->inner_protocol = data->inner_protocol;
> + skb->inner_network_header = skb->network_header;
> + skb_set_network_header(skb, data->network_offset);
> + }
> + skb_reset_mac_len(skb);
> +
> ovs_vport_send(vport, skb);
> return 0;
> }
> @@ -684,7 +691,8 @@ static struct dst_ops ovs_dst_ops = {
> /* prepare_frag() is called once per (larger-than-MTU) frame; its inverse is
> * ovs_vport_output(), which is called once per fragmented packet.
> */
> -static void prepare_frag(struct vport *vport, struct sk_buff *skb)
> +static void prepare_frag(struct vport *vport, struct sk_buff *skb,
> + u16 orig_network_offset)
> {
> unsigned int hlen = skb_network_offset(skb);
> struct ovs_frag_data *data;
> @@ -694,6 +702,7 @@ static void prepare_frag(struct vport *vport, struct sk_buff *skb)
> data->vport = vport;
> data->cb = *OVS_CB(skb);
> data->inner_protocol = skb->inner_protocol;
> + data->network_offset = orig_network_offset;
> data->vlan_tci = skb->vlan_tci;
> data->vlan_proto = skb->vlan_proto;
> data->l2_len = hlen;
> @@ -706,6 +715,13 @@ static void prepare_frag(struct vport *vport, struct sk_buff *skb)
> static void ovs_fragment(struct net *net, struct vport *vport,
> struct sk_buff *skb, u16 mru, __be16 ethertype)
> {
> + u16 orig_network_offset = 0;
> +
> + if (skb->inner_protocol) {
> + orig_network_offset = skb_network_offset(skb);
> + skb->network_header = skb->inner_network_header;
> + }
> +
This is not correct way to detect MPLS packet. inner_protocol can be
set by any tunnel device for using tunnel offloads. So this would
break the fragmentation for encapsulated packets. How about using
eth_p_mpls() as done in do-output()?
Powered by blists - more mailing lists