lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20191119162724.2ea1d240@cakuba.netronome.com>
Date:   Tue, 19 Nov 2019 16:27:24 -0800
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     Xin Long <lucien.xin@...il.com>
Cc:     network dev <netdev@...r.kernel.org>, davem@...emloft.net,
        simon.horman@...ronome.com
Subject: Re: [PATCH net-next 2/4] net: sched: add erspan option support to
 act_tunnel_key

On Tue, 19 Nov 2019 17:31:47 +0800, Xin Long wrote:
> @@ -149,6 +159,49 @@ tunnel_key_copy_vxlan_opt(const struct nlattr *nla, void *dst, int dst_len,
>  	return sizeof(struct vxlan_metadata);
>  }
>  
> +static int
> +tunnel_key_copy_erspan_opt(const struct nlattr *nla, void *dst, int dst_len,
> +			   struct netlink_ext_ack *extack)
> +{
> +	struct nlattr *tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_MAX + 1];
> +	int err;
> +
> +	err = nla_parse_nested(tb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_MAX, nla,
> +			       erspan_opt_policy, extack);
> +	if (err < 0)
> +		return err;
> +
> +	if (!tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER]) {
> +		NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option ver");
> +		return -EINVAL;
> +	}
> +
> +	if (dst) {
> +		struct erspan_metadata *md = dst;
> +
> +		nla = tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER];
> +		md->version = nla_get_u8(nla);
> +
> +		if (md->version == 1 &&
> +		    tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX]) {
> +			nla = tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX];
> +			md->u.index = nla_get_be32(nla);
> +		} else if (md->version == 2 &&
> +			   tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR] &&
> +			   tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID]) {
> +			nla = tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR];
> +			md->u.md2.dir = nla_get_u8(nla);
> +			nla = tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID];
> +			set_hwid(&md->u.md2, nla_get_u8(nla));
> +		} else {
> +			NL_SET_ERR_MSG(extack, "erspan ver is incorrect or some option is missed");

I think s/missed/missing/

But I think it'd be better if the validation was done also when dst is
not yet allocated. I don't think it matters today, just think it'd be
cleaner.

> +			return -EINVAL;
> +		}
> +	}
> +
> +	return sizeof(struct erspan_metadata);
> +}
> +
>  static int tunnel_key_copy_opts(const struct nlattr *nla, u8 *dst,
>  				int dst_len, struct netlink_ext_ack *extack)
>  {
> @@ -190,6 +243,18 @@ static int tunnel_key_copy_opts(const struct nlattr *nla, u8 *dst,
>  			opts_len += opt_len;
>  			type = TUNNEL_VXLAN_OPT;
>  			break;
> +		case TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN:
> +			if (type) {
> +				NL_SET_ERR_MSG(extack, "Wrong type for erspan options");

Wrong or duplicate, right? If I'm reading this right unlike for Geneve
opts there can be only one instance of opts for other types.

> +				return -EINVAL;
> +			}
> +			opt_len = tunnel_key_copy_erspan_opt(attr, dst,
> +							     dst_len, extack);
> +			if (opt_len < 0)
> +				return opt_len;
> +			opts_len += opt_len;
> +			type = TUNNEL_ERSPAN_OPT;
> +			break;
>  		}
>  	}
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ