lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <568fc3d4505d6a1725a4e1e59f43f0af0ac10f8c.camel@redhat.com>
Date:   Wed, 16 Jan 2019 10:47:14 +0100
From:   Davide Caratti <dcaratti@...hat.com>
To:     Lorenzo Bianconi <lorenzo.bianconi@...hat.com>, davem@...emloft.net
Cc:     netdev@...r.kernel.org, u9012063@...il.com
Subject: Re: [PATCH net] net: ip6_gre: use erspan key field for tunnel
 lookup

On Tue, 2019-01-15 at 17:43 +0100, Lorenzo Bianconi wrote:
> Use ERSPAN key header field as tunnel key in gre_parse_header routine
> since ERSPAN protocol sets the key field of the external GRE header to
> 0 resulting in a possible tunnel lookup fail.
> In addition remove key field parsing in erspan_rcv and ip6erspan_rcv
> 
> Fixes: 5a963eb61b7c ("ip6_gre: Add ERSPAN native tunnel support")
> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@...hat.com>
> ---
>  net/ipv4/gre_demux.c | 14 ++++++++++++++
>  net/ipv4/ip_gre.c    |  4 ----
>  net/ipv6/ip6_gre.c   |  1 -
>  3 files changed, 14 insertions(+), 5 deletions(-)
> 
> diff --git a/net/ipv4/gre_demux.c b/net/ipv4/gre_demux.c
> index a4bf22ee3aed..ee09d657606e 100644
> --- a/net/ipv4/gre_demux.c
> +++ b/net/ipv4/gre_demux.c
> @@ -25,6 +25,7 @@
>  #include <linux/spinlock.h>
>  #include <net/protocol.h>
>  #include <net/gre.h>
> +#include <net/erspan.h>
>  
>  #include <net/icmp.h>
>  #include <net/route.h>
> @@ -119,6 +120,19 @@ int gre_parse_header(struct sk_buff *skb, struct tnl_ptk_info *tpi,
>  			hdr_len += 4;
>  	}
>  	tpi->hdr_len = hdr_len;
> +
> +	/* ERSPAN ver 1 and 2 protocol sets GRE key field
> +	 * to 0 and sets the configured key in the
> +	 * inner erspan header field
> +	 */
> +	if (tpi->proto == htons(ETH_P_ERSPAN) ||
> +	    tpi->proto == htons(ETH_P_ERSPAN2)) {
> +		struct erspan_base_hdr *ershdr;
> +
> +		ershdr = (struct erspan_base_hdr *)options;
> +		tpi->key = cpu_to_be32(get_session_id(ershdr));
> +	}
> +

hi Lorenzo,

are we sure that 'ershdr' is in the linear part of skb? if not, we might
need a call to pskb_may_pull() here.

thanks!
-- 
davide



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ