lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Dec 2019 16:36:22 -0800 (PST) From: David Miller <davem@...emloft.net> To: shmulik@...anetworks.com Cc: jhs@...atatu.com, xiyou.wangcong@...il.com, jiri@...nulli.us, netdev@...r.kernel.org, shmulik.ladkani@...il.com, sladkani@...ofpoint.com Subject: Re: [PATCH net] net/sched: act_mirred: Pull mac prior redir to non mac_header_xmit device From: shmulik@...anetworks.com Date: Wed, 25 Dec 2019 10:51:01 +0200 > From: Shmulik Ladkani <sladkani@...ofpoint.com> > > There's no skb_pull performed when a mirred action is set at egress of a > mac device, with a target device/action that expects skb->data to point > at the network header. > > As a result, either the target device is errornously given an skb with > data pointing to the mac (egress case), or the net stack receives the > skb with data pointing to the mac (ingress case). > > E.g: > # tc qdisc add dev eth9 root handle 1: prio > # tc filter add dev eth9 parent 1: prio 9 protocol ip handle 9 basic \ > action mirred egress redirect dev tun0 > > (tun0 is a tun device. result: tun0 errornously gets the eth header > instead of the iph) > > Revise the push/pull logic of tcf_mirred_act() to not rely on the > skb_at_tc_ingress() vs tcf_mirred_act_wants_ingress() comparison, as it > does not cover all "pull" cases. > > Instead, calculate whether the required action on the target device > requires the data to point at the network header, and compare this to > whether skb->data points to network header - and make the push/pull > adjustments as necessary. > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > Signed-off-by: Shmulik Ladkani <sladkani@...ofpoint.com> > Tested-by: Jamal Hadi Salim <jhs@...atatu.com> > Acked-by: Jamal Hadi Salim <jhs@...atatu.com> Applied and queued up for -stable.
Powered by blists - more mailing lists