Date:   Wed, 21 Jul 2021 18:46:10 +0200
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     Justin Iurman <justin.iurman@...ege.be>, netdev@...r.kernel.org
Cc:     davem@...emloft.net, kuba@...nel.org, yoshfuji@...ux-ipv6.org,
        dsahern@...nel.org, tom@...bertland.com
Subject: Re: [PATCH net-next v5 2/6] ipv6: ioam: Data plane support for
 Pre-allocated Trace



On 7/20/21 9:42 PM, Justin Iurman wrote:
> Implement support for processing the IOAM Pre-allocated Trace with IPv6,
> see [1] and [2]. Introduce a new IPv6 Hop-by-Hop TLV option, see IANA [3].
> 
> A new per-interface sysctl is introduced. The value is a boolean to accept (=1)
> or ignore (=0, by default) IPv6 IOAM options on ingress for an interface:
>  - net.ipv6.conf.XXX.ioam6_enabled
> 

...

>  }
>  
> +/* IOAM */
> +
> +static bool ipv6_hop_ioam(struct sk_buff *skb, int optoff)
> +{
> +	struct ioam6_trace_hdr *trace;
> +	struct ioam6_namespace *ns;
> +	struct ioam6_hdr *hdr;
> +
> +	/* Bad alignment (must be 4n-aligned) */
> +	if (optoff & 3)
> +		goto drop;
> +
> +	/* Ignore if IOAM is not enabled on ingress */
> +	if (!__in6_dev_get(skb->dev)->cnf.ioam6_enabled)
> +		goto ignore;
> +
> +	/* Truncated Option header */
> +	hdr = (struct ioam6_hdr *)(skb_network_header(skb) + optoff);
> +	if (hdr->opt_len < 2)
> +		goto drop;
> +
> +	switch (hdr->type) {
> +	case IOAM6_TYPE_PREALLOC:
> +		/* Truncated Pre-allocated Trace header */
> +		if (hdr->opt_len < 2 + sizeof(*trace))
> +			goto drop;
> +
> +		/* Malformed Pre-allocated Trace header */
> +		trace = (struct ioam6_trace_hdr *)((u8 *)hdr + sizeof(*hdr));
> +		if (hdr->opt_len < 2 + sizeof(*trace) + trace->remlen * 4)
> +			goto drop;
> +
> +		/* Ignore if the IOAM namespace is unknown */
> +		ns = ioam6_namespace(ipv6_skb_net(skb), trace->namespace_id);
> +		if (!ns)
> +			goto ignore;
> +
> +		if (!skb_valid_dst(skb))
> +			ip6_route_input(skb);
> +
> +		ioam6_fill_trace_data(skb, ns, trace);
> +		break;
> +	default:
> +		break;
> +	}
> +
> +ignore:
> +	return true;
> +
> +drop:
> +	kfree_skb(skb);
> +	return false;
> +}
> +
>  /* Jumbo payload */
>  
>  static bool ipv6_hop_jumbo(struct sk_buff *skb, int optoff)
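
Review bot: In the IOAM6_TYPE_PREALLOC case of ipv6_hop_ioam(), trace points into the packet's own header (it is derived from skb_network_header(skb) + optoff) and is passed to ioam6_fill_trace_data() with no visible check that this part of the skb is private and writable. If that helper writes node data in place, as its name suggests, a cloned or shared skb would be modified for every other holder of the data. Consider calling skb_ensure_writable(skb, optoff + 2 + hdr->opt_len) before the fill, going to drop on failure, and recomputing hdr and trace afterwards, since the header may have been reallocated. Separately, __in6_dev_get(skb->dev)->cnf.ioam6_enabled dereferences the returned pointer without a NULL check; a short comment saying why the inet6_dev is guaranteed to exist on this path would help the next reader.
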
> @@ -999,6 +1056,10 @@ static const struct tlvtype_proc tlvprochopopt_lst[] = {
>  		.type	= IPV6_TLV_ROUTERALERT,
>  		.func	= ipv6_hop_ra,
>  	},
> +	{
> +		.type	= IPV6_TLV_IOAM,
> +		.func	= ipv6_hop_ioam,
> +	},

It is a bit strange to put a not-yet used option in the middle of the table,
before TLV_JUMBO (that some of us use already...)


>  	{
>  		.type	= IPV6_TLV_JUMBO,
>  		.func	= ipv6_hop_jumbo,
