Message-ID: <CALx6S37Mejm1_nbwxJhKC3o5EY0gidTLuY5roepF2dKyXEB1eg@mail.gmail.com>
Date:   Sat, 14 Dec 2019 11:08:28 -0800
From:   Tom Herbert <tom@...bertland.com>
To:     Simon Horman <simon.horman@...ronome.com>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Linux Kernel Network Developers <netdev@...r.kernel.org>,
        Tom Herbert <tom@...ntonium.net>
Subject: Re: [PATCH v5 net-next 3/7] ipeh: Generic TLV parser

On Sun, Oct 6, 2019 at 6:05 AM Simon Horman <simon.horman@...ronome.com> wrote:
>
> On Thu, Oct 03, 2019 at 02:58:00PM -0700, Tom Herbert wrote:
> > From: Tom Herbert <tom@...ntonium.net>
> >
> > Create a generic TLV parser. This will be used with various
> > extension headers that carry options including Destination,
> > Hop-by-Hop, Segment Routing TLVs, and other cases of simple
> > stateless parsing.
> >
> > Signed-off-by: Tom Herbert <tom@...bertland.com>
> > ---
> >  include/net/ipeh.h        |  25 ++++++++
> >  net/ipv6/exthdrs.c        | 159 +++++++++++-----------------------------------
> >  net/ipv6/exthdrs_common.c | 114 +++++++++++++++++++++++++++++++++
> >  3 files changed, 177 insertions(+), 121 deletions(-)
> >
> > diff --git a/include/net/ipeh.h b/include/net/ipeh.h
> > index 3b24831..c1aa7b6 100644
> > --- a/include/net/ipeh.h
> > +++ b/include/net/ipeh.h
> > @@ -31,4 +31,29 @@ struct ipv6_txoptions *ipeh_renew_options(struct sock *sk,
> >  struct ipv6_txoptions *ipeh_fixup_options(struct ipv6_txoptions *opt_space,
> >                                         struct ipv6_txoptions *opt);
> >
> > +/* Generic extension header TLV parser */
> > +
> > +enum ipeh_parse_errors {
> > +     IPEH_PARSE_ERR_PAD1,            /* Excessive PAD1 */
> > +     IPEH_PARSE_ERR_PADN,            /* Excessive PADN */
> > +     IPEH_PARSE_ERR_PADNZ,           /* Non-zero padding data */
> > +     IPEH_PARSE_ERR_EH_TOOBIG,       /* Length of EH exceeds limit */
> > +     IPEH_PARSE_ERR_OPT_TOOBIG,      /* Option size exceeds limit */
> > +     IPEH_PARSE_ERR_OPT_TOOMANY,     /* Option count exceeds limit */
> > +     IPEH_PARSE_ERR_OPT_UNK_DISALW,  /* Unknown option disallowed */
> > +     IPEH_PARSE_ERR_OPT_UNK,         /* Unknown option */
> > +};
> > +
> > +/* The generic TLV parser assumes that the type value of PAD1 is 0, and PADN
> > + * is 1. This is true for Destination, Hop-by-Hop and current definition
> > + * of Segment Routing TLVs.
> > + */
> > +#define IPEH_TLV_PAD1        0
> > +#define IPEH_TLV_PADN        1
> > +
> > +bool ipeh_parse_tlv(const struct tlvtype_proc *procs, struct sk_buff *skb,
> > +                 int max_count, int off, int len,
> > +                 bool (*parse_error)(struct sk_buff *skb,
> > +                                     int off, enum ipeh_parse_errors error));
> > +
> >  #endif /* _NET_IPEH_H */
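Review bot: the `ipeh_parse_tlv()` prototype at the end of this hunk does not say what its bool return means, nor what the bool returned by the `parse_error` callback means (true to keep parsing, or true to drop?), and the parser and every callback implementer have to agree on that. A short comment above the declaration stating the return convention for both, the units of `off` and `len`, and the accepted range of `max_count` would make the contract checkable from the header alone. It would also help to spell out how `IPEH_PARSE_ERR_OPT_UNK_DISALW` differs from `IPEH_PARSE_ERR_OPT_UNK` from the callback's point of view, since the two one-line comments read nearly the same.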
>
> Hi Tom,
>
> Unless I misread things, which is entirely possible, it seems
> as well as moving code around this patch changes behaviour under
> some error conditions via the parse_error callback and
> the ipv6_parse_error() implementation of it below.
>
> I think such a change is worthy of at least calling out in the changelog
> and perhaps breaking out into a separate patch.
>
Okay, makes sense to split out the parse_error code. I also noticed
that there's no counter being bumped when we drop a HBH option, I'll
fix that.

> ...
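
A userspace sketch of the design point discussed in this thread (an added example, not code from the patch or the kernel): a TLV walk that hands recoverable errors to a policy callback, so that swapping the callback changes which inputs are dropped. All names and the callback's true/false convention are assumptions; only PAD1 = 0 and PADN = 1 come from the quoted header.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names; only PAD1 = 0 and PADN = 1 come from the quoted header. */
enum tlv_err { TLV_OK, TLV_ERR_TRUNC, TLV_ERR_PADNZ, TLV_ERR_TOOMANY, TLV_ERR_UNK };
/* Assumed convention: true = skip the option and go on, false = stop. */
typedef bool (*tlv_err_cb)(size_t off, enum tlv_err err);
static bool strict_cb(size_t off, enum tlv_err err) { (void)off; (void)err; return false; }
static bool skip_unknown_cb(size_t off, enum tlv_err err) { (void)off; return err == TLV_ERR_UNK; }

/* Constructed sample: PAD1, PADN (2 zero bytes), option 5, unknown option 0x3e. */
static const uint8_t sample[] = { 0, 1, 2, 0, 0, 5, 2, 0xaa, 0xbb, 0x3e, 1, 0xcc };
static const uint8_t known[] = { 5 };

/* Walk the TLVs in buf[0..len); types[] lists the accepted option types. */
static enum tlv_err tlv_walk(const uint8_t *buf, size_t len, const uint8_t *types,
                             size_t ntypes, int max_count, tlv_err_cb cb)
{
    size_t off = 0, optlen, i;
    int count = 0;

    while (off < len) {
        enum tlv_err err = TLV_OK;
        uint8_t type = buf[off];

        if (type == 0) { off++; continue; }     /* PAD1: one byte, no length */
        /* Truncation never reaches the callback: no policy makes it safe
         * to read past the end of the buffer. */
        if (len - off < 2 || (size_t)buf[off + 1] + 2 > len - off)
            return TLV_ERR_TRUNC;
        optlen = (size_t)buf[off + 1] + 2;
        if (type == 1) {                        /* PADN: data must be zero */
            for (i = 2; i < optlen && !err; i++)
                if (buf[off + i]) err = TLV_ERR_PADNZ;
        } else if (++count > max_count) {
            err = TLV_ERR_TOOMANY;
        } else {
            for (i = 0; i < ntypes && types[i] != type; i++) { }
            if (i == ntypes) err = TLV_ERR_UNK;
        }
        if (err != TLV_OK && !cb(off, err))
            return err;                         /* policy: drop */
        off += optlen;
    }
    return TLV_OK;
}

int main(void)
{
    return tlv_walk(sample, sizeof(sample), known, 1, 8, strict_cb) == TLV_ERR_UNK &&
           tlv_walk(sample, sizeof(sample), known, 1, 8, skip_unknown_cb) == TLV_OK ? 0 : 1;
}
```

The same bytes are rejected under `strict_cb` and accepted under `skip_unknown_cb`, which is why a change of error callback is a behaviour change and not only a refactor.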
