| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180425141503.25772-1-tehnerd@tehnerd.com>
Date: Wed, 25 Apr 2018 07:15:03 -0700
From: "Nikita V. Shirokov" <tehnerd@...nerd.com>
To: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
"David S . Miller" <davem@...emloft.net>
Cc: netdev@...r.kernel.org, "Nikita V. Shirokov" <tehnerd@...nerd.com>
Subject: [PATCH bpf-next] bpf: fix xdp_generic for bpf_adjust_tail usecase
when bpf_adjust_tail was introduced for generic xdp, it changed skb's tail
pointer, so it was pointing to the new "end of the packet". however skb's
len field wasn't properly modified, so on the wire ethernet frame had
original (or even bigger, if adjust_head was used) size. this diff is fixing
this.
Fixes: 198d83bb3 (" bpf: make generic xdp compatible w/
bpf_xdp_adjust_tail")
Signed-off-by: Nikita V. Shirokov <tehnerd@...nerd.com>
---
Notes:
original tests missed this because it looks like tap interface
ignores incorrect ethernet FCS (all tests were done in VM)
and even w/ missaligned l3 and l2 lengths, kernel still were
accepting this ICMP packet
output was generated w/ bpf_adjust_tail prog from samples
before this fix (see lengths field of the ethernet layer):
tehnerd@...ndev:~$ sudo tcpdump -ni tap0 icmp -vvv -eee
tcpdump: listening on tap0, link-type EN10MB (Ethernet), capture size 262144 bytes
06:38:15.546782 52:54:00:12:34:57 > 12:0e:a3:cc:78:b8, ethertype IPv4 (0x0800), length 1454: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto ICMP (1), length 112)
172.16.0.2 > 172.16.0.1: ICMP 172.16.0.2 unreachable - need to frag (mtu 586), length 92
(tos 0x0, ttl 64, id 48021, offset 0, flags [DF], proto TCP (6), length 1412)
172.16.0.1.50916 > 172.16.0.2.22: Flags [P.], seq 427401155:427402515, ack 3567613893, win 229, options [nop,nop,TS val 1287434011 ecr 2176566223], length 1360
after:
tehnerd@...ndev:~$ sudo tcpdump -ni tap0 icmp -vvv -eee
tcpdump: listening on tap0, link-type EN10MB (Ethernet), capture size 262144 bytes
06:47:37.226843 52:54:00:12:34:57 > 32:45:9f:69:35:ba, ethertype IPv4 (0x0800), length 126: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto ICMP (1), length 112)
172.16.0.2 > 172.16.0.1: ICMP 172.16.0.2 unreachable - need to frag (mtu 586), length 92
(tos 0x0, ttl 64, id 29964, offset 0, flags [DF], proto TCP (6), length 1412)
172.16.0.1.50918 > 172.16.0.2.22: Flags [P.], seq 14171614:14172974, ack 1433043471, win 229, options [nop,nop,TS val 1287995744 ecr 3312743811], length 1360
net/core/dev.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index c624a04dad1f..8f8931b93140 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -4057,8 +4057,10 @@ static u32 netif_receive_generic_xdp(struct sk_buff *skb,
* pckt.
*/
off = orig_data_end - xdp.data_end;
- if (off != 0)
+ if (off != 0) {
skb_set_tail_pointer(skb, xdp.data_end - xdp.data);
+ skb->len -= off;
+ }
switch (act) {
case XDP_REDIRECT:
--
2.15.1
Powered by blists - more mailing lists