Date:   Wed, 19 Feb 2020 00:50:07 +0100
From:   Carmine Scarpitta <carmine.scarpitta@...roma2.it>
To:     David Ahern <dsahern@...il.com>
Cc:     davem@...emloft.net, kuznet@....inr.ac.ru, yoshfuji@...ux-ipv6.org,
        kuba@...nel.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, ahmed.abdelsalam@...i.it,
        dav.lebrun@...il.com, andrea.mayer@...roma2.it,
        paolo.lungaroni@...t.it
Subject: Re: [net-next 1/2] Perform IPv4 FIB lookup in a predefined FIB
 table

Hi David, 
Thanks for the review, and sorry for the late reply.

Indeed, both fib_table_lookup and rt_dst_alloc are exported for modules.
However, several functions defined in route.c are not exported:
- the two functions rt_cache_valid and rt_cache_route required to handle the routing cache
- find_exception, required to support fib exceptions.
This would require duplicating a lot of the IPv4 routing code. 
The reason behind this change is really to reuse the IPv4 routing code instead of doing a duplication. 

For the fi member of the struct fib_result, we will fix it by initializing it before "if (!tbl_known)".

Thanks, 
Carmine 


On Sat, 15 Feb 2020 11:06:43 -0700
David Ahern <dsahern@...il.com> wrote:

> On 2/12/20 6:09 PM, Carmine Scarpitta wrote:
> > In IPv4, the routing subsystem is invoked by calling ip_route_input_rcu()
> > which performs the recognition logic and calls ip_route_input_slow().
> > 
> > ip_route_input_slow() initialises both "fi" and "table" members
> > of the fib_result structure to null before calling fib_lookup().
> > 
> > fib_lookup() performs fib lookup in the routing table configured
> > by the policy routing rules.
> > 
> > In this patch, we allow invoking the ip4 routing subsystem
> > with known routing table. This is useful for use-cases implementing
> > a separate routing table per tenant.
> > 
> > The patch introduces a new flag named "tbl_known" to the definition of
> > ip_route_input_rcu() and ip_route_input_slow().
> > 
> > When the flag is set, ip_route_input_slow() will call fib_table_lookup()
> > using the defined table instead of using fib_lookup().
> 
> I do not like this change. If you want a specific table lookup, then why
> just call fib_table_lookup directly? Both it and rt_dst_alloc are
> exported for modules. Your next patch already does a fib table lookup.
> 
> 
> > 
> > Signed-off-by: Carmine Scarpitta <carmine.scarpitta@...roma2.it>
> > Acked-by: Ahmed Abdelsalam <ahmed.abdelsalam@...i.it>
> > Acked-by: Andrea Mayer <andrea.mayer@...roma2.it>
> > Acked-by: Paolo Lungaroni <paolo.lungaroni@...t.it>
> > ---
> >  include/net/route.h |  2 +-
> >  net/ipv4/route.c    | 22 ++++++++++++++--------
> >  2 files changed, 15 insertions(+), 9 deletions(-)
> > 
> > diff --git a/include/net/route.h b/include/net/route.h
> > index a9c60fc68e36..4ff977bd7029 100644
> > --- a/include/net/route.h
> > +++ b/include/net/route.h
> > @@ -183,7 +183,7 @@ int ip_route_input_noref(struct sk_buff *skb, __be32 dst, __be32 src,
> >  			 u8 tos, struct net_device *devin);
> >  int ip_route_input_rcu(struct sk_buff *skb, __be32 dst, __be32 src,
> >  		       u8 tos, struct net_device *devin,
> > -		       struct fib_result *res);
> > +		       struct fib_result *res, bool tbl_known);
> >  
> >  int ip_route_use_hint(struct sk_buff *skb, __be32 dst, __be32 src,
> >  		      u8 tos, struct net_device *devin,
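Review bot: the new "bool tbl_known" argument on ip_route_input_rcu() carries no table, so the table to look up in has to reach the function through "res", and nothing at the prototype says the caller must fill it in before the call. Add a comment here stating that contract, or pass the table explicitly instead of a flag. A bare true/false at the call sites is also hard to read, and every existing caller has to be updated to pass false.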
> > diff --git a/net/ipv4/route.c b/net/ipv4/route.c
> > index d5c57b3f77d5..39cec9883d6f 100644
> > --- a/net/ipv4/route.c
> > +++ b/net/ipv4/route.c
> > @@ -2077,7 +2077,7 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr,
> >  
> >  static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
> >  			       u8 tos, struct net_device *dev,
> > -			       struct fib_result *res)
> > +			       struct fib_result *res, bool tbl_known)
> >  {
> >  	struct in_device *in_dev = __in_dev_get_rcu(dev);
> >  	struct flow_keys *flkeys = NULL, _flkeys;
> > @@ -2109,8 +2109,6 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
> >  	if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
> >  		goto martian_source;
> >  
> > -	res->fi = NULL;
> > -	res->table = NULL;
> >  	if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0))
> >  		goto brd_input;
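Review bot: with "res->fi = NULL;" and "res->table = NULL;" removed ahead of the "goto brd_input" test, the broadcast path is entered with both members holding whatever the caller left in "res", whether or not tbl_known is set. Keep "res->fi = NULL;" unconditional at this point and make only the reset of res->table depend on the flag.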
> 
> I believe this also introduces a potential bug. You remove the fi
> initialization yet do not cover the goto case.
> 
> 


-- 
Carmine Scarpitta <carmine.scarpitta@...roma2.it>
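
The initialization problem raised in the review, and the fix proposed in the reply, as a user-space model. This is an added example, not code from the patch or the kernel: the structs are simplified stand-ins, model_input_slow(), the init_mode enum and the "broadcast" flag are hypothetical, and the position of the "if (!tbl_known)" test is an assumption. A stale pointer left by the caller stands in for uninitialized memory so the result is deterministic.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins: only the two members discussed in the thread. */
struct fib_info  { int id; };
struct fib_table { int id; };
struct fib_result { struct fib_info *fi; struct fib_table *table; };

enum init_mode { INIT_AS_POSTED, INIT_FI_FIRST };

/* "broadcast" stands for the ipv4_is_lbcast(daddr) || (saddr == 0 &&
 * daddr == 0) test. Returns the fi pointer the exit path ends up with. */
static struct fib_info *model_input_slow(struct fib_result *res,
					 bool tbl_known, bool broadcast,
					 enum init_mode mode)
{
	static struct fib_info looked_up = { .id = 1 };

	if (mode == INIT_FI_FIRST)
		res->fi = NULL;		/* fix: reset before "if (!tbl_known)" */
	if (broadcast)
		goto brd_input;		/* leaves before any lookup runs */
	if (!tbl_known)
		res->table = NULL;	/* policy rules pick the table */
	res->fi = &looked_up;		/* result of the lookup */
	return res->fi;
brd_input:
	return res->fi;			/* whatever the caller left in res */
}

/* Caller with a preset table and a leftover fi (constructed values). */
static bool stale_fi_reaches_brd_input(enum init_mode mode)
{
	static struct fib_table tenant = { .id = 100 };
	struct fib_info previous = { .id = 42 };
	struct fib_result res = { .fi = &previous, .table = &tenant };

	return model_input_slow(&res, true, true, mode) != NULL;
}

int main(void)
{
	printf("as posted: stale fi = %d\n",
	       stale_fi_reaches_brd_input(INIT_AS_POSTED));
	printf("fi reset first: stale fi = %d\n",
	       stale_fi_reaches_brd_input(INIT_FI_FIRST));
	return 0;
}
```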
