lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 27 Sep 2017 20:47:35 -0700
From:   Yulia Kartseva <yulia.kartseva@...il.com>
To:     Stephen Hemminger <stephen@...workplumber.org>,
        netdev@...r.kernel.org
Subject: Re: [PATCH iproute2] tc: fix ipv6 filter selector attribute for some
 prefix lengths

Hello Stephen,
Sending as an attachment.
Thank you!

On Wed, Sep 27, 2017 at 1:26 AM, Stephen Hemminger
<stephen@...workplumber.org> wrote:
> On Mon, 25 Sep 2017 11:12:38 -0700
> Yulia Kartseva <yulia.kartseva@...il.com> wrote:
>
>> Wrong TCA_U32_SEL attribute packing if prefixLen AND 0x1f equals 0x1f.
>> These are  /31, /63, /95 and /127 prefix lengths.
>>
>> Example:
>> # tc filter add dev eth0 protocol ipv6 parent b: prio 2307 u32 match
>> ip6 dst face:b00f::/31
>> # tc filter show dev eth0
>> filter parent b: protocol ipv6 pref 2307 u32
>> filter parent b: protocol ipv6 pref 2307 u32 fh 800: ht divisor 1
>> filter parent b: protocol ipv6 pref 2307 u32 fh 800::800 order 2048
>> key ht 800 bkt 0
>>   match faceb00f/ffffffff at 24
>>
>>
>> The correct match would be "faceb00e/fffffffe": don't count the last
>> bit of the 4th byte as the network prefix. With fix:
>>
>> # tc filter show dev eth0
>> filter parent b: protocol ipv6 pref 2307 u32
>> filter parent b: protocol ipv6 pref 2307 u32 fh 800: ht divisor 1
>> filter parent b: protocol ipv6 pref 2307 u32 fh 800::800 order 2048
>> key ht 800 bkt 0
>>   match faceb00e/fffffffe at 24
>>
>>  tc/f_u32.c | 3 +--
>>  1 file changed, 1 insertion(+), 2 deletions(-)
>>
>> diff --git a/tc/f_u32.c b/tc/f_u32.c
>> index 5815be9..14b9588 100644
>> --- a/tc/f_u32.c
>> +++ b/tc/f_u32.c
>> @@ -385,8 +385,7 @@ static int parse_ip6_addr(int *argc_p, char ***argv_p,
>>
>>   plen = addr.bitlen;
>>   for (i = 0; i < plen; i += 32) {
>> - /* if (((i + 31) & ~0x1F) <= plen) { */
>> - if (i + 31 <= plen) {
>> + if (i + 31 < plen) {
>>   res = pack_key(sel, addr.data[i / 32],
>>         0xFFFFFFFF, off + 4 * (i / 32), offmask);
>>   if (res < 0)
>
> This patch looks correct, but will not apply cleanly because
> the mail system that you submitted it with is removing whitespace.
> If possible use a different client, or send as an attachment.
>



-- 
C уважением, Юлия

Download attachment "f_u32.c.patch" of type "application/octet-stream" (417 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ