lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 13 Mar 2020 14:05:50 +0200
From:   Petr Machata <petrm@...lanox.com>
To:     netdev@...r.kernel.org
Cc:     Petr Machata <petrm@...lanox.com>, Xin Long <lucien.xin@...il.com>,
        William Tu <u9012063@...il.com>
Subject: [PATCH iproute2-next] ip: link_gre: Do not send ERSPAN attributes to GRE tunnels

In the commit referenced below, ip link started sending ERSPAN-specific
attributes even for GRE and gretap tunnels. Fix by more carefully
distinguishing between the GRE/tap and ERSPAN modes. Do not show
ERSPAN-related help in GRE/tap mode, likewise do not accept ERSPAN
arguments, or send ERSPAN attributes.

Fixes: 83c543af872e ("erspan: set erspan_ver to 1 by default")
Signed-off-by: Petr Machata <petrm@...lanox.com>
---
 ip/link_gre.c | 34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)

diff --git a/ip/link_gre.c b/ip/link_gre.c
index e42f21ae..d616a970 100644
--- a/ip/link_gre.c
+++ b/ip/link_gre.c
@@ -23,8 +23,15 @@
 #include "ip_common.h"
 #include "tunnel.h"
 
+static bool gre_is_erspan(struct link_util *lu)
+{
+	return !strcmp(lu->id, "erspan");
+}
+
 static void gre_print_help(struct link_util *lu, int argc, char **argv, FILE *f)
 {
+	bool is_erspan = gre_is_erspan(lu);
+
 	fprintf(f,
 		"Usage: ... %-9s	[ remote ADDR ]\n"
 		"			[ local ADDR ]\n"
@@ -44,18 +51,20 @@ static void gre_print_help(struct link_util *lu, int argc, char **argv, FILE *f)
 		"			[ encap-dport PORT ]\n"
 		"			[ [no]encap-csum ]\n"
 		"			[ [no]encap-csum6 ]\n"
-		"			[ [no]encap-remcsum ]\n"
-		"			[ erspan_ver version ]\n"
-		"			[ erspan IDX ]\n"
-		"			[ erspan_dir { ingress | egress } ]\n"
-		"			[ erspan_hwid hwid ]\n"
+		"			[ [no]encap-remcsum ]\n", lu->id);
+	if (is_erspan)
+		fprintf(f,
+			"			[ erspan_ver version ]\n"
+			"			[ erspan IDX ]\n"
+			"			[ erspan_dir { ingress | egress } ]\n"
+			"			[ erspan_hwid hwid ]\n");
+	fprintf(f,
 		"\n"
 		"Where:	ADDR := { IP_ADDRESS | any }\n"
 		"	TOS  := { NUMBER | inherit }\n"
 		"	TTL  := { 1..255 | inherit }\n"
 		"	KEY  := { DOTTED_QUAD | NUMBER }\n"
-		"	MARK := { 0x0..0xffffffff }\n",
-		lu->id);
+		"	MARK := { 0x0..0xffffffff }\n");
 }
 
 static int gre_parse_opt(struct link_util *lu, int argc, char **argv,
@@ -93,6 +102,7 @@ static int gre_parse_opt(struct link_util *lu, int argc, char **argv,
 	__u16 encapdport = 0;
 	__u8 metadata = 0;
 	__u32 fwmark = 0;
+	bool is_erspan = gre_is_erspan(lu);
 	__u32 erspan_idx = 0;
 	__u8 erspan_ver = 1;
 	__u8 erspan_dir = 0;
@@ -334,19 +344,19 @@ get_failed:
 			NEXT_ARG();
 			if (get_u32(&fwmark, *argv, 0))
 				invarg("invalid fwmark\n", *argv);
-		} else if (strcmp(*argv, "erspan") == 0) {
+		} else if (is_erspan && strcmp(*argv, "erspan") == 0) {
 			NEXT_ARG();
 			if (get_u32(&erspan_idx, *argv, 0))
 				invarg("invalid erspan index\n", *argv);
 			if (erspan_idx & ~((1<<20) - 1) || erspan_idx == 0)
 				invarg("erspan index must be > 0 and <= 20-bit\n", *argv);
-		} else if (strcmp(*argv, "erspan_ver") == 0) {
+		} else if (is_erspan && strcmp(*argv, "erspan_ver") == 0) {
 			NEXT_ARG();
 			if (get_u8(&erspan_ver, *argv, 0))
 				invarg("invalid erspan version\n", *argv);
 			if (erspan_ver != 1 && erspan_ver != 2)
 				invarg("erspan version must be 1 or 2\n", *argv);
-		} else if (strcmp(*argv, "erspan_dir") == 0) {
+		} else if (is_erspan && strcmp(*argv, "erspan_dir") == 0) {
 			NEXT_ARG();
 			if (matches(*argv, "ingress") == 0)
 				erspan_dir = 0;
@@ -354,7 +364,7 @@ get_failed:
 				erspan_dir = 1;
 			else
 				invarg("Invalid erspan direction.", *argv);
-		} else if (strcmp(*argv, "erspan_hwid") == 0) {
+		} else if (is_erspan && strcmp(*argv, "erspan_hwid") == 0) {
 			NEXT_ARG();
 			if (get_u16(&erspan_hwid, *argv, 0))
 				invarg("invalid erspan hwid\n", *argv);
@@ -402,7 +412,7 @@ get_failed:
 		addattr32(n, 1024, IFLA_GRE_LINK, link);
 	addattr_l(n, 1024, IFLA_GRE_TTL, &ttl, 1);
 	addattr32(n, 1024, IFLA_GRE_FWMARK, fwmark);
-	if (erspan_ver) {
+	if (is_erspan) {
 		addattr8(n, 1024, IFLA_GRE_ERSPAN_VER, erspan_ver);
 		if (erspan_ver == 1 && erspan_idx != 0) {
 			addattr32(n, 1024, IFLA_GRE_ERSPAN_INDEX, erspan_idx);
-- 
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ