lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 2 Mar 2018 18:11:02 -0300
From:   Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To:     Daniel Axtens <dja@...ens.net>
Cc:     netdev@...r.kernel.org
Subject: Re: [PATCH v2 1/4] net: rename skb_gso_validate_mtu ->
 skb_gso_validate_network_len

On Thu, Mar 01, 2018 at 05:13:37PM +1100, Daniel Axtens wrote:
> If you take a GSO skb, and split it into packets, will the network
> length (L3 headers + L4 headers + payload) of those packets be small
> enough to fit within a given MTU?
> 
> skb_gso_validate_mtu gives you the answer to that question. However,
> we recently added to add a way to validate the MAC length of a split GSO
> skb (L2+L3+L4+payload), and the names get confusing, so rename
> skb_gso_validate_mtu to skb_gso_validate_network_len
> 
> Signed-off-by: Daniel Axtens <dja@...ens.net>

Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>

> ---
>  include/linux/skbuff.h                  |  2 +-
>  net/core/skbuff.c                       | 11 ++++++-----
>  net/ipv4/ip_forward.c                   |  2 +-
>  net/ipv4/ip_output.c                    |  2 +-
>  net/ipv4/netfilter/nf_flow_table_ipv4.c |  2 +-
>  net/ipv6/ip6_output.c                   |  2 +-
>  net/ipv6/netfilter/nf_flow_table_ipv6.c |  2 +-
>  net/mpls/af_mpls.c                      |  2 +-
>  net/xfrm/xfrm_device.c                  |  2 +-
>  9 files changed, 14 insertions(+), 13 deletions(-)
> 
> diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
> index c1e66bdcf583..a057dd1a75c7 100644
> --- a/include/linux/skbuff.h
> +++ b/include/linux/skbuff.h
> @@ -3286,7 +3286,7 @@ void skb_split(struct sk_buff *skb, struct sk_buff *skb1, const u32 len);
>  int skb_shift(struct sk_buff *tgt, struct sk_buff *skb, int shiftlen);
>  void skb_scrub_packet(struct sk_buff *skb, bool xnet);
>  unsigned int skb_gso_transport_seglen(const struct sk_buff *skb);
> -bool skb_gso_validate_mtu(const struct sk_buff *skb, unsigned int mtu);
> +bool skb_gso_validate_network_len(const struct sk_buff *skb, unsigned int mtu);
>  bool skb_gso_validate_mac_len(const struct sk_buff *skb, unsigned int len);
>  struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features);
>  struct sk_buff *skb_vlan_untag(struct sk_buff *skb);
> diff --git a/net/core/skbuff.c b/net/core/skbuff.c
> index 09bd89c90a71..b63767008824 100644
> --- a/net/core/skbuff.c
> +++ b/net/core/skbuff.c
> @@ -4955,19 +4955,20 @@ static inline bool skb_gso_size_check(const struct sk_buff *skb,
>  }
>  
>  /**
> - * skb_gso_validate_mtu - Return in case such skb fits a given MTU
> + * skb_gso_validate_network_len - Will a split GSO skb fit into a given MTU?
>   *
>   * @skb: GSO skb
>   * @mtu: MTU to validate against
>   *
> - * skb_gso_validate_mtu validates if a given skb will fit a wanted MTU
> - * once split.
> + * skb_gso_validate_network_len validates if a given skb will fit a
> + * wanted MTU once split. It considers L3 headers, L4 headers, and the
> + * payload.
>   */
> -bool skb_gso_validate_mtu(const struct sk_buff *skb, unsigned int mtu)
> +bool skb_gso_validate_network_len(const struct sk_buff *skb, unsigned int mtu)
>  {
>  	return skb_gso_size_check(skb, skb_gso_network_seglen(skb), mtu);
>  }
> -EXPORT_SYMBOL_GPL(skb_gso_validate_mtu);
> +EXPORT_SYMBOL_GPL(skb_gso_validate_network_len);
>  
>  /**
>   * skb_gso_validate_mac_len - Will a split GSO skb fit in a given length?
> diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
> index 2dd21c3281a1..b54b948b0596 100644
> --- a/net/ipv4/ip_forward.c
> +++ b/net/ipv4/ip_forward.c
> @@ -55,7 +55,7 @@ static bool ip_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
>  	if (skb->ignore_df)
>  		return false;
>  
> -	if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu))
> +	if (skb_is_gso(skb) && skb_gso_validate_network_len(skb, mtu))
>  		return false;
>  
>  	return true;
> diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
> index e8e675be60ec..66340ab750e6 100644
> --- a/net/ipv4/ip_output.c
> +++ b/net/ipv4/ip_output.c
> @@ -248,7 +248,7 @@ static int ip_finish_output_gso(struct net *net, struct sock *sk,
>  
>  	/* common case: seglen is <= mtu
>  	 */
> -	if (skb_gso_validate_mtu(skb, mtu))
> +	if (skb_gso_validate_network_len(skb, mtu))
>  		return ip_finish_output2(net, sk, skb);
>  
>  	/* Slowpath -  GSO segment length exceeds the egress MTU.
> diff --git a/net/ipv4/netfilter/nf_flow_table_ipv4.c b/net/ipv4/netfilter/nf_flow_table_ipv4.c
> index 25d2975da156..2447077d163d 100644
> --- a/net/ipv4/netfilter/nf_flow_table_ipv4.c
> +++ b/net/ipv4/netfilter/nf_flow_table_ipv4.c
> @@ -185,7 +185,7 @@ static bool __nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
>  	if ((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0)
>  		return false;
>  
> -	if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu))
> +	if (skb_is_gso(skb) && skb_gso_validate_network_len(skb, mtu))
>  		return false;
>  
>  	return true;
> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
> index 997c7f19ad62..a8a919520090 100644
> --- a/net/ipv6/ip6_output.c
> +++ b/net/ipv6/ip6_output.c
> @@ -412,7 +412,7 @@ static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
>  	if (skb->ignore_df)
>  		return false;
>  
> -	if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu))
> +	if (skb_is_gso(skb) && skb_gso_validate_network_len(skb, mtu))
>  		return false;
>  
>  	return true;
> diff --git a/net/ipv6/netfilter/nf_flow_table_ipv6.c b/net/ipv6/netfilter/nf_flow_table_ipv6.c
> index d346705d6ee6..207cb35569b1 100644
> --- a/net/ipv6/netfilter/nf_flow_table_ipv6.c
> +++ b/net/ipv6/netfilter/nf_flow_table_ipv6.c
> @@ -178,7 +178,7 @@ static bool __nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
>  	if (skb->len <= mtu)
>  		return false;
>  
> -	if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu))
> +	if (skb_is_gso(skb) && skb_gso_validate_network_len(skb, mtu))
>  		return false;
>  
>  	return true;
> diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
> index e545a3c9365f..7a4de6d618b1 100644
> --- a/net/mpls/af_mpls.c
> +++ b/net/mpls/af_mpls.c
> @@ -122,7 +122,7 @@ bool mpls_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
>  	if (skb->len <= mtu)
>  		return false;
>  
> -	if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu))
> +	if (skb_is_gso(skb) && skb_gso_validate_network_len(skb, mtu))
>  		return false;
>  
>  	return true;
> diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
> index 8e70291e586a..e87d6c4dd5b6 100644
> --- a/net/xfrm/xfrm_device.c
> +++ b/net/xfrm/xfrm_device.c
> @@ -217,7 +217,7 @@ bool xfrm_dev_offload_ok(struct sk_buff *skb, struct xfrm_state *x)
>  		if (skb->len <= mtu)
>  			goto ok;
>  
> -		if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu))
> +		if (skb_is_gso(skb) && skb_gso_validate_network_len(skb, mtu))
>  			goto ok;
>  	}
>  
> -- 
> 2.14.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ