Date: Sat, 15 Feb 2020 11:06:43 -0700
From: David Ahern <dsahern@...il.com>
To: Carmine Scarpitta <carmine.scarpitta@...roma2.it>, davem@...emloft.net
Cc: kuznet@....inr.ac.ru, yoshfuji@...ux-ipv6.org, kuba@...nel.org,
 netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
 ahmed.abdelsalam@...i.it, david.lebrun@...ouvain.be, dav.lebrun@...il.com,
 andrea.mayer@...roma2.it, paolo.lungaroni@...t.it
Subject: Re: [net-next 1/2] Perform IPv4 FIB lookup in a predefined FIB table

On 2/12/20 6:09 PM, Carmine Scarpitta wrote:
> In IPv4, the routing subsystem is invoked by calling ip_route_input_rcu()
> which performs the recognition logic and calls ip_route_input_slow().
>
> ip_route_input_slow() initialises both "fi" and "table" members
> of the fib_result structure to null before calling fib_lookup().
>
> fib_lookup() performs fib lookup in the routing table configured
> by the policy routing rules.
>
> In this patch, we allow invoking the ip4 routing subsystem
> with known routing table. This is useful for use-cases implementing
> a separate routing table per tenant.
>
> The patch introduces a new flag named "tbl_known" to the definition of
> ip_route_input_rcu() and ip_route_input_slow().
>
> When the flag is set, ip_route_input_slow() will call fib_table_lookup()
> using the defined table instead of using fib_lookup().

I do not like this change. If you want a specific table lookup, then why
just call fib_table_lookup directly? Both it and rt_dst_alloc are
exported for modules. Your next patch already does a fib table lookup.

>
> Signed-off-by: Carmine Scarpitta <carmine.scarpitta@...roma2.it>
> Acked-by: Ahmed Abdelsalam <ahmed.abdelsalam@...i.it>
> Acked-by: Andrea Mayer <andrea.mayer@...roma2.it>
> Acked-by: Paolo Lungaroni <paolo.lungaroni@...t.it>
> ---
> include/net/route.h | 2 +-
> net/ipv4/route.c | 22 ++++++++++++++--------
> 2 files changed, 15 insertions(+), 9 deletions(-)
> > diff --git a/include/net/route.h b/include/net/route.h > index a9c60fc68e36..4ff977bd7029 100644 > --- a/include/net/route.h > +++ b/include/net/route.h > @@ -183,7 +183,7 @@ int ip_route_input_noref(struct sk_buff *skb, __be32 dst, __be32 src, > u8 tos, struct net_device *devin); > int ip_route_input_rcu(struct sk_buff *skb, __be32 dst, __be32 src, > u8 tos, struct net_device *devin, > - struct fib_result *res); > + struct fib_result *res, bool tbl_known); > > int ip_route_use_hint(struct sk_buff *skb, __be32 dst, __be32 src, > u8 tos, struct net_device *devin, > diff --git a/net/ipv4/route.c b/net/ipv4/route.c > index d5c57b3f77d5..39cec9883d6f 100644 > --- a/net/ipv4/route.c > +++ b/net/ipv4/route.c > @@ -2077,7 +2077,7 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, > > static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, > u8 tos, struct net_device *dev, > - struct fib_result *res) > + struct fib_result *res, bool tbl_known) > { > struct in_device *in_dev = __in_dev_get_rcu(dev); > struct flow_keys *flkeys = NULL, _flkeys; > @@ -2109,8 +2109,6 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, > if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) > goto martian_source; > > - res->fi = NULL; > - res->table = NULL; > if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0)) > goto brd_input; I believe this also introduces a potential bug. You remove the fi initialization yet do not cover the goto case.
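
Review bot: In the net/ipv4/route.c hunk at @@ -2109, the lines "res->fi = NULL;" and "res->table = NULL;" are deleted from directly above the "ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0)" test, so the "goto brd_input" path now runs with whatever the caller left in *res. If a caller passes a fib_result it has not zeroed, both members are uninitialised pointers on that path. Keep "res->fi = NULL;" unconditional at this spot and make only the table reset depend on the flag, for example "if (!tbl_known) res->table = NULL;".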
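
Review bot: The "bool tbl_known" argument added to ip_route_input_rcu() in include/net/route.h and to ip_route_input_slow() in net/ipv4/route.c carries an undocumented precondition: when it is true the caller must already have filled in res->table, and nothing in the visible hunks states that or checks the pointer for NULL. Document the contract in a comment on the prototype and reject a NULL res->table when tbl_known is set, or pass the table as an explicit argument instead of a flag plus an in/out structure member.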