Message-Id: <1587619280-46386-3-git-send-email-roopa@cumulusnetworks.com>
Date:   Wed, 22 Apr 2020 22:21:20 -0700
From:   Roopa Prabhu <roopa@...ulusnetworks.com>
To:     dsahern@...il.com, davem@...emloft.net
Cc:     netdev@...r.kernel.org, nikolay@...ulusnetworks.com,
        bpoirier@...ulusnetworks.com
Subject: [PATCH net-next 2/2] ipv6: add sysctl to skip route notify on nexthop changes

From: Roopa Prabhu <roopa@...ulusnetworks.com>

Route notifications on nexthop changes exist for backward
compatibility. In systems which have moved to the new
nexthop API, these route update notifications cancel
the performance benefits provided by the new nexthop API.
This patch adds a sysctl to disable these route notifications.

The sysctl check is added in fib6_rt_update which seems
like the least intrusive approach. I have considered adding the
sysctl check in nexthop code that calls fib6_rt_update: But
that requires the sysctl access to be via ipv6_stub.
That seems overkill. I have also considered making fib6_rt_update
ipv6_stub op to take a nexthop, but that creates more problems
with exposing nexthop object to ipv6_stub.

Signed-off-by: Roopa Prabhu <roopa@...ulusnetworks.com>
---
 include/net/netns/ipv6.h |  1 +
 net/ipv6/route.c         | 14 ++++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
index 5ec0544..25818493 100644
--- a/include/net/netns/ipv6.h
+++ b/include/net/netns/ipv6.h
@@ -51,6 +51,7 @@ struct netns_sysctl_ipv6 {
 	int max_hbh_opts_len;
 	int seg6_flowlabel;
 	bool skip_notify_on_dev_down;
+	bool nexthop_skip_route_notify;
 };
 
 struct netns_ipv6 {
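Review bot: The new field is declared `bool`, but the ctl_table entry added in net/ipv6/route.c registers it with `.maxlen = sizeof(int)` and `proc_dointvec_minmax`, so the handler reads and writes a full int through a pointer to what is normally a one-byte object. With the two flags adjacent as shown here, a write to `skip_notify_on_dev_down` would likely clobber `nexthop_skip_route_notify`, and a write to the new sysctl can extend past the end of struct netns_sysctl_ipv6. Declaring it as `int nexthop_skip_route_notify;` keeps the field consistent with the handler; the `table[11].data` assignment in ipv6_route_sysctl_init points at the same field and is affected the same way. The existing `skip_notify_on_dev_down` line appears to have the same mismatch but is not part of this change.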
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 310cbdd..d023ba0 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -6006,6 +6006,9 @@ void fib6_rt_update(struct net *net, struct fib6_info *rt,
 	struct sk_buff *skb;
 	int err = -ENOBUFS;
 
+	if (net->ipv6.sysctl.nexthop_skip_route_notify)
+		return;
+
 	/* call_fib6_entry_notifiers will be removed when in-kernel notifier
 	 * is implemented and supported for nexthop objects
 	 */
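Review bot: The early return sits above the comment about `call_fib6_entry_notifiers`, so with the sysctl set the in-kernel FIB notifier chain is presumably skipped along with the netlink message; the call itself is outside the hunk, as is the rest of fib6_rt_update. The commit message only talks about route notifications kept for backward compatibility, so in-kernel listeners such as route offload drivers could be left with stale state once an administrator sets the knob. Moving the check below the notifier call, just before the netlink message is built, would limit the effect to the userspace notification. The diffstat also shows no entry for the new knob in the sysctl documentation, and a comment such as `/* admin opted out of per-route netlink updates on nexthop change */` on the check would say why the function returns early.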
@@ -6188,6 +6191,15 @@ static struct ctl_table ipv6_route_table_template[] = {
 		.extra1		=	SYSCTL_ZERO,
 		.extra2		=	SYSCTL_ONE,
 	},
+	{
+		.procname	=	"nexthop_skip_route_notify",
+		.data		=	&init_net.ipv6.sysctl.nexthop_skip_route_notify,
+		.maxlen		=	sizeof(int),
+		.mode		=	0644,
+		.proc_handler	=	proc_dointvec_minmax,
+		.extra1		=	SYSCTL_ZERO,
+		.extra2		=	SYSCTL_ONE,
+	},
 	{ }
 };
 
@@ -6212,6 +6224,7 @@ struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
 		table[8].data = &net->ipv6.sysctl.ip6_rt_min_advmss;
 		table[9].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval;
 		table[10].data = &net->ipv6.sysctl.skip_notify_on_dev_down;
+		table[11].data = &net->ipv6.sysctl.nexthop_skip_route_notify;
 
 		/* Don't export sysctls to unprivileged users */
 		if (net->user_ns != &init_user_ns)
@@ -6283,6 +6296,7 @@ static int __net_init ip6_route_net_init(struct net *net)
 	net->ipv6.sysctl.ip6_rt_mtu_expires = 10*60*HZ;
 	net->ipv6.sysctl.ip6_rt_min_advmss = IPV6_MIN_MTU - 20 - 40;
 	net->ipv6.sysctl.skip_notify_on_dev_down = 0;
+	net->ipv6.sysctl.nexthop_skip_route_notify = 0;
 
 	net->ipv6.ip6_rt_gc_expire = 30*HZ;
 
-- 
2.1.4
