Date:   Wed, 01 May 2019 13:29:14 -0400 (EDT)
From:   David Miller <davem@...emloft.net>
To:     shmulik@...anetworks.com
Cc:     netdev@...r.kernel.org, kuznet@....inr.ac.ru,
        shmulik.ladkani@...il.com
Subject: Re: [PATCH net] ipv4: ip_do_fragment: Preserve skb_iif during
 fragmentation

From: Shmulik Ladkani <shmulik@...anetworks.com>
Date: Mon, 29 Apr 2019 16:39:30 +0300

> Previously, during fragmentation after forwarding, skb->skb_iif isn't
> preserved, i.e. 'ip_copy_metadata' does not copy skb_iif from given
> 'from' skb.
> 
> As a result, ip_do_fragment creates fragments with zero skb_iif,
> leading to inconsistent behavior.
> 
> Assume for example an eBPF program attached at tc egress (post
> forwarding) that examines __sk_buff->ingress_ifindex:
>  - the correct iif is observed if forwarding path does not involve
>    fragmentation/refragmentation
>  - a bogus iif is observed if forwarding path involves
>    fragmentation/refragmentation
> 
> Fix, by preserving skb_iif during 'ip_copy_metadata'.
> 
> Signed-off-by: Shmulik Ladkani <shmulik.ladkani@...il.com>

Applied and queued up for -stable.
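
A simplified userspace model of the behaviour described in the commit message, added here as an illustration; it is not kernel code and not part of the patch. The struct, the function names, the `preserve_iif` switch and the constructed packet (3000 bytes, ifindex 4, 1400-byte fragments) are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Userspace model only: the few per-packet fields this example needs. */
struct model_skb {
    int skb_iif;          /* ifindex the packet arrived on; 0 = unset */
    unsigned int mark;    /* stands in for metadata that was already copied */
    size_t len;           /* payload length (headers ignored in this model) */
};

/* Model of ip_copy_metadata(): preserve_iif = 0 is the behaviour before
 * the patch, preserve_iif = 1 the behaviour after it. */
static void model_copy_metadata(struct model_skb *to,
                                const struct model_skb *from, int preserve_iif)
{
    to->mark = from->mark;
    if (preserve_iif)
        to->skb_iif = from->skb_iif;
}

/* Split 'from' into fragments of at most 'mtu' bytes; returns the count. */
static size_t model_fragment(const struct model_skb *from, size_t mtu,
                             struct model_skb *frags, size_t max, int preserve_iif)
{
    size_t n = 0, left = from->len;
    while (left > 0 && n < max) {
        memset(&frags[n], 0, sizeof(frags[n]));  /* new fragment starts zeroed */
        frags[n].len = left < mtu ? left : mtu;
        model_copy_metadata(&frags[n], from, preserve_iif);
        left -= frags[n].len;
        n++;
    }
    return n;
}

/* Hypothetical check standing in for a tc egress eBPF program that reads
 * __sk_buff->ingress_ifindex: count packets whose iif is not the expected one. */
static size_t count_iif_mismatch(const struct model_skb *p, size_t n, int expected)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (p[i].skb_iif != expected)
            bad++;
    return bad;
}

/* Forward one constructed packet that needs fragmentation; return mismatches. */
static size_t run_model(int preserve_iif)
{
    struct model_skb in = { .skb_iif = 4, .mark = 7, .len = 3000 };
    struct model_skb frags[8];
    size_t n = model_fragment(&in, 1400, frags, 8, preserve_iif);
    return count_iif_mismatch(frags, n, in.skb_iif);
}
```

In this model, every fragment reports iif 0 when `preserve_iif` is 0, and every fragment reports the original iif when it is 1.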
