Message-ID: <20191006130526.c65ibu5hoizctaq6@netronome.com>
Date:   Sun, 6 Oct 2019 15:05:26 +0200
From:   Simon Horman <simon.horman@...ronome.com>
To:     Tom Herbert <tom@...bertland.com>
Cc:     davem@...emloft.net, netdev@...r.kernel.org,
        Tom Herbert <tom@...ntonium.net>
Subject: Re: [PATCH v5 net-next 3/7] ipeh: Generic TLV parser

On Thu, Oct 03, 2019 at 02:58:00PM -0700, Tom Herbert wrote:
> From: Tom Herbert <tom@...ntonium.net>
> 
> Create a generic TLV parser. This will be used with various
> extension headers that carry options including Destination,
> Hop-by-Hop, Segment Routing TLVs, and other cases of simple
> stateless parsing.
> 
> Signed-off-by: Tom Herbert <tom@...bertland.com>
> ---
>  include/net/ipeh.h        |  25 ++++++++
>  net/ipv6/exthdrs.c        | 159 +++++++++++-----------------------------------
>  net/ipv6/exthdrs_common.c | 114 +++++++++++++++++++++++++++++++++
>  3 files changed, 177 insertions(+), 121 deletions(-)
> 
> diff --git a/include/net/ipeh.h b/include/net/ipeh.h
> index 3b24831..c1aa7b6 100644
> --- a/include/net/ipeh.h
> +++ b/include/net/ipeh.h
> @@ -31,4 +31,29 @@ struct ipv6_txoptions *ipeh_renew_options(struct sock *sk,
>  struct ipv6_txoptions *ipeh_fixup_options(struct ipv6_txoptions *opt_space,
>  					  struct ipv6_txoptions *opt);
>  
> +/* Generic extension header TLV parser */
> +
> +enum ipeh_parse_errors {
> +	IPEH_PARSE_ERR_PAD1,		/* Excessive PAD1 */
> +	IPEH_PARSE_ERR_PADN,		/* Excessive PADN */
> +	IPEH_PARSE_ERR_PADNZ,		/* Non-zero padding data */
> +	IPEH_PARSE_ERR_EH_TOOBIG,	/* Length of EH exceeds limit */
> +	IPEH_PARSE_ERR_OPT_TOOBIG,	/* Option size exceeds limit */
> +	IPEH_PARSE_ERR_OPT_TOOMANY,	/* Option count exceeds limit */
> +	IPEH_PARSE_ERR_OPT_UNK_DISALW,	/* Unknown option disallowed */
> +	IPEH_PARSE_ERR_OPT_UNK,		/* Unknown option */
> +};
> +
> +/* The generic TLV parser assumes that the type value of PAD1 is 0, and PADN
> + * is 1. This is true for Destination, Hop-by-Hop and current definition
> + * of Segment Routing TLVs.
> + */
> +#define IPEH_TLV_PAD1	0
> +#define IPEH_TLV_PADN	1
> +
> +bool ipeh_parse_tlv(const struct tlvtype_proc *procs, struct sk_buff *skb,
> +		    int max_count, int off, int len,
> +		    bool (*parse_error)(struct sk_buff *skb,
> +					int off, enum ipeh_parse_errors error));
> +
>  #endif /* _NET_IPEH_H */
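
Review bot: The ipeh_parse_tlv() prototype at the end of this hunk has no comment saying what its bool return means, nor what a true or false return from the parse_error callback tells the parser to do after one of the ipeh_parse_errors values is reported. Since callers and callback implementers will treat this header as the contract, a short kernel-doc block above the prototype should state both, and should say how IPEH_PARSE_ERR_OPT_UNK_DISALW differs from IPEH_PARSE_ERR_OPT_UNK from the callback's point of view. Separately, max_count, off and len are plain int, so negative values are representable at this interface; either make them unsigned or document the range the parser expects and who validates it.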

Hi Tom,

Unless I misread things, which is entirely possible, it seems
as well as moving code around this patch changes behaviour under
some error conditions via the parse_error callback and
the ipv6_parse_error() implementation of it below.

I think such a change is worthy of at least calling out in the changelog
and perhaps breaking out into a separate patch.

...
