| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Apr 2019 17:36:18 +0000
From: Martin Lau <kafai@...com>
To: David Ahern <dsahern@...nel.org>
CC: "davem@...emloft.net" <davem@...emloft.net>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"idosch@...lanox.com" <idosch@...lanox.com>,
"David Ahern" <dsahern@...il.com>
Subject: Re: [PATCH net-next 10/10] ipv6: Refactor __ip6_route_redirect
On Tue, Apr 09, 2019 at 02:41:19PM -0700, David Ahern wrote:
> From: David Ahern <dsahern@...il.com>
>
> Move the nexthop evaluation of a fib entry to a helper that can be
> leveraged for each fib6_nh in a multipath nexthop object.
>
> In the move, 'continue' statements means the helper returns false
> (loop should continue) and 'break' means return true (found the entry
> of interest).
>
> Signed-off-by: David Ahern <dsahern@...il.com>
> ---
> net/ipv6/route.c | 56 +++++++++++++++++++++++++++++++++-----------------------
> 1 file changed, 33 insertions(+), 23 deletions(-)
>
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index 0e8becb1e455..d555edaaff13 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -2407,6 +2407,35 @@ void ip6_sk_dst_store_flow(struct sock *sk, struct dst_entry *dst,
> NULL);
> }
>
> +static bool ip6_redirect_nh_match(struct fib6_info *f6i,
> + struct fib6_nh *nh,
Why both "struct fib6_info" and "struct fib6_nh" are needed?
I assume nh cannot be obtained from f6i in the later patch
when nh is decoupled from f6i?
> + struct flowi6 *fl6,
> + const struct in6_addr *gw,
> + struct rt6_info **ret)
> +{
> + if (nh->fib_nh_flags & RTNH_F_DEAD || !nh->fib_nh_gw_family ||
> + fl6->flowi6_oif != nh->fib_nh_dev->ifindex)
> + return false;
> +
> + /* rt_cache's gateway might be different from its 'parent'
> + * in the case of an ip redirect.
> + * So we keep searching in the exception table if the gateway
> + * is different.
> + */
> + if (!ipv6_addr_equal(gw, &nh->fib_nh_gw6)) {
> + struct rt6_info *rt_cache;
> +
> + rt_cache = rt6_find_cached_rt(f6i, &fl6->daddr, &fl6->saddr);
> + if (rt_cache &&
> + ipv6_addr_equal(gw, &rt_cache->rt6i_gateway)) {
> + *ret = rt_cache;
> + return true;
> + }
> + return false;
> + }
> + return true;
> +}
> +
> /* Handle redirects */
> struct ip6rd_flowi {
> struct flowi6 fl6;
> @@ -2420,7 +2449,7 @@ static struct rt6_info *__ip6_route_redirect(struct net *net,
> int flags)
> {
> struct ip6rd_flowi *rdfl = (struct ip6rd_flowi *)fl6;
> - struct rt6_info *ret = NULL, *rt_cache;
> + struct rt6_info *ret = NULL;
> struct fib6_info *rt;
The "rt" naming is becoming hard to review.
It is fortunate that the type context is kept in this diff.
In this local case, the s/rt/f6i/ rename is quite doable?
It can be the first clean-up step.
> struct fib6_node *fn;
>
> @@ -2438,34 +2467,15 @@ static struct rt6_info *__ip6_route_redirect(struct net *net,
> fn = fib6_node_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr);
> restart:
> for_each_fib6_node_rt_rcu(fn) {
> - if (rt->fib6_nh.fib_nh_flags & RTNH_F_DEAD)
> - continue;
> if (fib6_check_expired(rt))
> continue;
> if (rt->fib6_flags & RTF_REJECT)
> break;
> - if (!rt->fib6_nh.fib_nh_gw_family)
> - continue;
> if (fl6->flowi6_oif != rt->fib6_nh.fib_nh_dev->ifindex)
This check is also copied to the new ip6_redirect_nh_match.
Should this one be removed from here?
> continue;
> - /* rt_cache's gateway might be different from its 'parent'
> - * in the case of an ip redirect.
> - * So we keep searching in the exception table if the gateway
> - * is different.
> - */
> - if (!ipv6_addr_equal(&rdfl->gateway, &rt->fib6_nh.fib_nh_gw6)) {
> - rt_cache = rt6_find_cached_rt(rt,
> - &fl6->daddr,
> - &fl6->saddr);
> - if (rt_cache &&
> - ipv6_addr_equal(&rdfl->gateway,
> - &rt_cache->rt6i_gateway)) {
> - ret = rt_cache;
> - break;
> - }
> - continue;
> - }
> - break;
> + if (ip6_redirect_nh_match(rt, &rt->fib6_nh, fl6,
> + &rdfl->gateway, &ret))
> + goto out;
> }
>
> if (!rt)
> --
> 2.11.0
>
Powered by blists - more mailing lists