lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1507511262.14419.32.camel@edumazet-glaptop3.roam.corp.google.com>
Date:   Sun, 08 Oct 2017 18:07:42 -0700
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     Alexander Duyck <alexander.duyck@...il.com>
Cc:     netdev@...r.kernel.org, davem@...emloft.net
Subject: Re: [net PATCH] macvlan: Only deliver one copy of the frame to the
 macvlan interface

On Sun, 2017-10-08 at 15:54 -0700, Alexander Duyck wrote:
> From: Alexander Duyck <alexander.h.duyck@...el.com>
> 
> This patch intoduces a slight adjustment for macvlan to address the fact
> that in source mode I was seeing two copies of any packet addressed to the
> macvlan interface being delivered where there should have been only one.
> 
> The issue appears to be that one copy was delivered based on the source MAC
> address and then the second copy was being delivered based on the
> destination MAC address. To fix it I am just freeing the second copy
> instead of delivering it up the stack using the same netdev as was already
> delivered to.
> 
> Fixes: 79cf79abce71 ("macvlan: add source mode")
> Signed-off-by: Alexander Duyck <alexander.h.duyck@...el.com>
> ---
>  drivers/net/macvlan.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
> index d2aea961e0f4..744b0fe6dc78 100644
> --- a/drivers/net/macvlan.c
> +++ b/drivers/net/macvlan.c
> @@ -484,7 +484,8 @@ static rx_handler_result_t macvlan_handle_frame(struct sk_buff **pskb)
>  		return RX_HANDLER_PASS;
>  
>  	dev = vlan->dev;
> -	if (unlikely(!(dev->flags & IFF_UP))) {
> +	if ((vlan->mode == MACVLAN_MODE_SOURCE) ||
> +	    unlikely(!(dev->flags & IFF_UP))) {
>  		kfree_skb(skb);
>  		return RX_HANDLER_CONSUMED;
>  	}
> 


Shouldn't we have a consume_skb() then instead of kfree_skb() ?

We are not really dropping a packet here, only avoiding some artifact
cause by the cited commit.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ