lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5505d62c-fd01-0b34-ba51-9d8e24959a87@6wind.com>
Date:   Thu, 9 Jan 2020 09:59:42 +0100
From:   Nicolas Dichtel <nicolas.dichtel@...nd.com>
To:     Steffen Klassert <steffen.klassert@...unet.com>
Cc:     davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH ipsec 2/2] xfrm interface: fix packet tx through
 bpf_redirect()

Le 09/01/2020 à 09:40, Steffen Klassert a écrit :
[snip]
>> @@ -352,10 +353,26 @@ static netdev_tx_t xfrmi_xmit(struct sk_buff *skb, struct net_device *dev)
>>  	case htons(ETH_P_IPV6):
>>  		xfrm_decode_session(skb, &fl, AF_INET6);
>>  		memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
>> +		if (!dst) {
>> +			dst = ip6_route_output(dev_net(dev), NULL, &fl.u.ip6);
>> +			if (dst->error) {
>> +				dst_release(dst);
>> +				goto tx_err;
>> +			}
>> +			skb_dst_set(skb, dst);
>> +		}
>>  		break;
>>  	case htons(ETH_P_IP):
>>  		xfrm_decode_session(skb, &fl, AF_INET);
>>  		memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
>> +		if (!dst) {
>> +			struct rtable *rt = __ip_route_output_key(dev_net(dev),
>> +								  &fl.u.ip4);
>> +
>> +			if (IS_ERR(rt))
>> +				goto tx_err;
> 
> With this change, the 'if (!dst)' in xfrmi_xmit2() is meaningless
Yep, I was hesitant to remove it :)

> and we don't handle this error as a link failure anymore.
Good point, will send a v2.


Thank you,
Nicolas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ