Message-ID: <614d9840-cd9d-d8b1-0d88-ce07e409068d@ovn.org>
Date:   Wed, 19 May 2021 11:52:50 +0200
From:   Ilya Maximets <i.maximets@....org>
To:     Toms Atteka <cpp.code.lv@...il.com>, netdev@...r.kernel.org
Cc:     i.maximets@....org, "pshelar@....org" <pshelar@....org>,
        "David S. Miller" <davem@...emloft.net>,
        ovs dev <dev@...nvswitch.org>,
        Jakub Kicinski <kuba@...nel.org>, Ben Pfaff <blp@....org>
Subject: Re: [PATCH net-next v2] net: openvswitch: IPv6: Add IPv6 extension
 header support

On 5/17/21 5:20 PM, Toms Atteka wrote:
> IPv6 extension headers carry optional internet layer information
> and are placed between the fixed header and the upper-layer
> protocol header.
> 
> This change adds a new OpenFlow field OFPXMT_OFB_IPV6_EXTHDR and
> packets can be filtered using ipv6_ext flag.
> 
> Tested-at: https://github.com/TomCodeLV/ovs/actions/runs/504185214
> Signed-off-by: Toms Atteka <cpp.code.lv@...il.com>
> ---
>  include/uapi/linux/openvswitch.h |   1 +
>  net/openvswitch/flow.c           | 141 +++++++++++++++++++++++++++++++
>  net/openvswitch/flow.h           |  14 +++
>  net/openvswitch/flow_netlink.c   |   5 +-
>  4 files changed, 160 insertions(+), 1 deletion(-)
> 
> 
> base-commit: 5d869070569a23aa909c6e7e9d010fc438a492ef
> 
> diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h
> index 8d16744edc31..a19812b6631a 100644
> --- a/include/uapi/linux/openvswitch.h
> +++ b/include/uapi/linux/openvswitch.h
> @@ -420,6 +420,7 @@ struct ovs_key_ipv6 {
>  	__u8   ipv6_tclass;
>  	__u8   ipv6_hlimit;
>  	__u8   ipv6_frag;	/* One of OVS_FRAG_TYPE_*. */
> +	__u16  ipv6_exthdr;
>  };
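
Review bot: the appended `ipv6_exthdr` member grows `struct ovs_key_ipv6` in include/uapi/linux/openvswitch.h, a structure that userspace already consumes, so binaries built against the old header will see a payload of a different length. Consider carrying the value in a separate structure instead of growing this one. The new member also has no comment saying what its bits encode, unlike `ipv6_frag` directly above it.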

Wouldn't this break existing userspace?  Current OVS expects netlink
message with attribute size equal to the old version of 'struct ovs_key_ipv6'
and it will discard OVS_KEY_ATTR_IPV6 as malformed.

This should likely be a completely new structure and a completely new
OVS_KEY_ATTR.

Best regards, Ilya Maximets.
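
A minimal model of the exact-size attribute check described in the reply above, added here as an example; it is not code from OVS, the kernel or the patch. The struct fields not visible in the quoted hunk, the attribute id and all function names are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Netlink-style attribute header: total length (header + payload), type. */
struct attr_hdr { uint16_t len; uint16_t type; };

/* Pre-patch layout. Only ipv6_tclass, ipv6_hlimit and ipv6_frag appear in the
 * quoted hunk; the other fields are assumed for this example. */
struct key_ipv6_old {
    uint32_t ipv6_src[4], ipv6_dst[4], ipv6_label;
    uint8_t  ipv6_proto, ipv6_tclass, ipv6_hlimit, ipv6_frag;
};

/* Post-patch layout: the same fields plus the appended 16-bit member. */
struct key_ipv6_new {
    uint32_t ipv6_src[4], ipv6_dst[4], ipv6_label;
    uint8_t  ipv6_proto, ipv6_tclass, ipv6_hlimit, ipv6_frag;
    uint16_t ipv6_exthdr;
};

enum { KEY_ATTR_IPV6 = 1 };  /* hypothetical attribute id */

/* Receiver built against the old header: the payload must be exactly
 * sizeof(struct key_ipv6_old). Returns 0 on accept, -1 if malformed. */
int parse_ipv6_key_strict(const uint8_t *buf, size_t buflen,
                          struct key_ipv6_old *out)
{
    struct attr_hdr h;
    if (buflen < sizeof h)
        return -1;
    memcpy(&h, buf, sizeof h);
    if (h.type != KEY_ATTR_IPV6 || h.len > buflen ||
        h.len != sizeof h + sizeof *out)
        return -1;
    memcpy(out, buf + sizeof h, sizeof *out);
    return 0;
}

/* Sender: wrap a zero-filled (constructed) key of plen bytes; 1 if accepted. */
int old_receiver_accepts(size_t plen)
{
    uint8_t msg[sizeof(struct attr_hdr) + sizeof(struct key_ipv6_new)] = {0};
    struct attr_hdr h = { (uint16_t)(sizeof(struct attr_hdr) + plen), KEY_ATTR_IPV6 };
    struct key_ipv6_old key;
    if (plen > sizeof(struct key_ipv6_new))
        return 0;
    memcpy(msg, &h, sizeof h);
    return parse_ipv6_key_strict(msg, sizeof h + plen, &key) == 0;
}
```

Under the assumed layout the appended `__u16` adds four bytes (two of them trailing padding), which is enough for the strict receiver to drop the attribute. Carrying the new field in a separate attribute, as the reply suggests, leaves the existing payload size unchanged.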
