lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 13 May 2019 11:54:01 -0700
From:   Stanislav Fomichev <sdf@...gle.com>
To:     netdev@...r.kernel.org, bpf@...r.kernel.org
Cc:     davem@...emloft.net, ast@...nel.org, daniel@...earbox.net,
        willemb@...gle.com, ppenkov@...gle.com,
        Stanislav Fomichev <sdf@...gle.com>
Subject: [PATCH bpf 1/2] flow_dissector: support FLOW_DISSECTOR_KEY_ETH_ADDRS
 with BPF

If we have a flow dissector BPF program attached to the namespace,
FLOW_DISSECTOR_KEY_ETH_ADDRS won't trigger because we exit early.

Handle FLOW_DISSECTOR_KEY_ETH_ADDRS before BPF and only if we have
an skb (used by tc-flower only).

Fixes: d58e468b1112 ("flow_dissector: implements flow dissector BPF hook")
Signed-off-by: Stanislav Fomichev <sdf@...gle.com>
---
 net/core/flow_dissector.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 9ca784c592ac..ba76d9168c8b 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -825,6 +825,18 @@ bool __skb_flow_dissect(const struct net *net,
 			else if (skb->sk)
 				net = sock_net(skb->sk);
 		}
+
+		if (dissector_uses_key(flow_dissector,
+				       FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
+			struct ethhdr *eth = eth_hdr(skb);
+			struct flow_dissector_key_eth_addrs *key_eth_addrs;
+
+			key_eth_addrs = skb_flow_dissector_target(flow_dissector,
+								  FLOW_DISSECTOR_KEY_ETH_ADDRS,
+								  target_container);
+			memcpy(key_eth_addrs, &eth->h_dest,
+			       sizeof(*key_eth_addrs));
+		}
 	}
 
 	WARN_ON_ONCE(!net);
@@ -860,17 +872,6 @@ bool __skb_flow_dissect(const struct net *net,
 		rcu_read_unlock();
 	}
 
-	if (dissector_uses_key(flow_dissector,
-			       FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
-		struct ethhdr *eth = eth_hdr(skb);
-		struct flow_dissector_key_eth_addrs *key_eth_addrs;
-
-		key_eth_addrs = skb_flow_dissector_target(flow_dissector,
-							  FLOW_DISSECTOR_KEY_ETH_ADDRS,
-							  target_container);
-		memcpy(key_eth_addrs, &eth->h_dest, sizeof(*key_eth_addrs));
-	}
-
 proto_again:
 	fdret = FLOW_DISSECT_RET_CONTINUE;
 
-- 
2.21.0.1020.gf2820cf01a-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ