| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 31 Jan 2021 10:33:14 -0700
From: David Ahern <dsahern@...il.com>
To: Suprit Japagal <suprit.japagal@...il.com>, davem@...emloft.net,
yoshfuji@...ux-ipv6.org, dsahern@...nel.org,
David Lebrun <david.lebrun@...ouvain.be>
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH] NET: SRv6: seg6_local: Fixed SRH processing when segments
left is 0
[ cc David Lebrun, author of the original code ]
On 1/31/21 6:08 AM, Suprit Japagal wrote:
> From: "Suprit.Japagal" <suprit.japagal@...il.com>
>
> According to the standard IETF RFC 8754, section 4.3.1.1
> (https://tools.ietf.org/html/rfc8754#section-4.3.1.1)
> When the segments left in SRH equals to 0, proceed to process the
> next header in the packet, whose type is identified by the
> Next header field of the routing header.
>
> Signed-off-by: Suprit.Japagal <suprit.japagal@...il.com>
> ---
> net/ipv6/seg6_local.c | 54 +++++++++++++++++++++++++++++++++++++++++++++------
> 1 file changed, 48 insertions(+), 6 deletions(-)
>
> diff --git a/net/ipv6/seg6_local.c b/net/ipv6/seg6_local.c
> index b07f7c1..b17f9dc 100644
> --- a/net/ipv6/seg6_local.c
> +++ b/net/ipv6/seg6_local.c
> @@ -273,11 +273,25 @@ static int input_action_end(struct sk_buff *skb, struct seg6_local_lwt *slwt)
> {
> struct ipv6_sr_hdr *srh;
>
> - srh = get_and_validate_srh(skb);
> + srh = get_srh(skb);
> if (!srh)
> goto drop;
>
> - advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
> +#ifdef CONFIG_IPV6_SEG6_HMAC
> + if (srh->segments_left > 0)
> + if (!seg6_hmac_validate_skb(skb))
> + goto drop;
> +#endif
> +
> + if (srh->segments_left == 0) {
> + if (!decap_and_validate(skb, srh->nexthdr))
> + goto drop;
> +
> + if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
> + goto drop;
> + } else {
> + advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
> + }
>
> seg6_lookup_nexthop(skb, NULL, 0);
>
> @@ -293,11 +307,25 @@ static int input_action_end_x(struct sk_buff *skb, struct seg6_local_lwt *slwt)
> {
> struct ipv6_sr_hdr *srh;
>
> - srh = get_and_validate_srh(skb);
> + srh = get_srh(skb);
> if (!srh)
> goto drop;
>
> - advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
> +#ifdef CONFIG_IPV6_SEG6_HMAC
> + if (srh->segments_left > 0)
> + if (!seg6_hmac_validate_skb(skb))
> + goto drop;
> +#endif
> +
> + if (srh->segments_left == 0) {
> + if (!decap_and_validate(skb, srh->nexthdr))
> + goto drop;
> +
> + if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
> + goto drop;
> + } else {
> + advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
> + }
>
> seg6_lookup_nexthop(skb, &slwt->nh6, 0);
>
> @@ -312,11 +340,25 @@ static int input_action_end_t(struct sk_buff *skb, struct seg6_local_lwt *slwt)
> {
> struct ipv6_sr_hdr *srh;
>
> - srh = get_and_validate_srh(skb);
> + srh = get_srh(skb);
> if (!srh)
> goto drop;
>
> - advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
> +#ifdef CONFIG_IPV6_SEG6_HMAC
> + if (srh->segments_left > 0)
> + if (!seg6_hmac_validate_skb(skb))
> + goto drop;
> +#endif
> +
> + if (srh->segments_left == 0) {
> + if (!decap_and_validate(skb, srh->nexthdr))
> + goto drop;
> +
> + if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
> + goto drop;
> + } else {
> + advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
> + }
>
> seg6_lookup_nexthop(skb, NULL, slwt->table);
>
>
Powered by blists - more mailing lists