lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Wed, 27 May 2020 12:59:52 +0000
From:   Fengtiantian <>
To:     "David S. Miller" <>,
        "open list:NETWORKING [GENERAL" <>,
        open list <>,
        Michał Mirosław <>,
        "Daniel Borkmann" <>,
        Stanislav Fomichev <>,
        "Jiri Pirko" <>, Arnd Bergmann <>,
        Hadar Hen Zion <>
CC:     "Huangweidong (C)" <>,
        yuehaibing <>
Subject: [patch] flow_dissector:  Fix wrong vlan header offset in

We use the openvswitch 2.7.0 and find the issue when ovs use the skb_get_hash() to get the hash of QinQ skb. Because the
__skb_flow_dissect() get the wrong vlan protocol headers.

Someone report bonding driver has the same issue use the
__skb_flow_dissect() to count hash in bond_xmit_hash:

Because in netif_receive_skb, the skb_network_header points to vlan head, but in dev_hard_start_xmit, the skb_network_header points to IP header. So use the skb_network_offset to get the vlan head is not reliable.

Should we use the skb_mac_offset instead the skb_network_offset to get the vlan head when proto is ETH_P_8021AD or ETH_P_8021Q?

Signed-off-by: Feng tiantian <>
 net/core/flow_dissector.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index 415b95f..9a77d5d 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -629,6 +629,13 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
 			 skb->vlan_proto : skb->protocol;
 		nhoff = skb_network_offset(skb);
 		hlen = skb_headlen(skb);
+		if (proto == htons(ETH_P_8021AD) ||
+		    proto == htons(ETH_P_8021Q)) {
+			if (skb_mac_header_was_set(skb))
+				nhoff = skb_mac_offset(skb) + ETH_HLEN;
+		}
 		if (unlikely(skb->dev && netdev_uses_dsa(skb->dev))) {
 			const struct dsa_device_ops *ops;

Powered by blists - more mailing lists