lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <387a41d6-6e7e-1512-a263-51e7e002baa4@gmail.com>
Date:   Fri, 3 Dec 2021 09:49:56 -0700
From:   David Ahern <dsahern@...il.com>
To:     Andrew Lunn <andrew@...n.ch>, David Miller <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>
Cc:     Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        David Ahern <dsahern@...nel.org>,
        Willem de Bruijn <willemb@...gle.com>,
        James Prestwood <prestwoj@...il.com>,
        Justin Iurman <justin.iurman@...ege.be>,
        Praveen Chaudhary <praveen5582@...il.com>,
        "Jason A . Donenfeld" <Jason@...c4.com>,
        Eric Dumazet <edumazet@...gle.com>,
        netdev <netdev@...r.kernel.org>
Subject: Re: [[PATCH net-next v3] 3/3] udp6: Use Segment Routing Header for
 dest address if present

On 12/3/21 9:29 AM, Andrew Lunn wrote:
> diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c
> index 73aaabf0e966..4fd7d3793c1b 100644
> --- a/net/ipv6/seg6.c
> +++ b/net/ipv6/seg6.c
> @@ -134,6 +134,27 @@ void seg6_icmp_srh(struct sk_buff *skb, struct inet6_skb_parm *opt)
>  	skb->network_header = network_header;
>  }
>  
> +/* If the packet which invoked an ICMP error contains an SRH return
> + * the true destination address from within the SRH, otherwise use the
> + * destination address in the IP header.
> + */
> +const struct in6_addr *seg6_get_daddr(struct sk_buff *skb,
> +				      struct inet6_skb_parm *opt)
> +{
> +	/* ipv6_hdr() does not work here, since this IP header is
> +	 * nested inside an ICMP error report packet
> +	 */
> +	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
> +	struct ipv6_sr_hdr *srh;
> +
> +	if (opt->flags & IP6SKB_SEG6) {
> +		srh = (struct ipv6_sr_hdr *)(skb->data + opt->srhoff);
> +		return  &srh->segments[0];
> +	}
> +
> +	return &hdr->daddr;
> +}
> +
>  static struct genl_family seg6_genl_family;
>  
>  static const struct nla_policy seg6_genl_policy[SEG6_ATTR_MAX + 1] = {
> diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
> index 6a0e569f0bb8..47125d83920a 100644
> --- a/net/ipv6/udp.c
> +++ b/net/ipv6/udp.c
> @@ -40,6 +40,7 @@
>  #include <net/transp_v6.h>
>  #include <net/ip6_route.h>
>  #include <net/raw.h>
> +#include <net/seg6.h>
>  #include <net/tcp_states.h>
>  #include <net/ip6_checksum.h>
>  #include <net/ip6_tunnel.h>
> @@ -560,8 +561,8 @@ int __udp6_lib_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
>  {
>  	struct ipv6_pinfo *np;
>  	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
> +	const struct in6_addr *daddr = seg6_get_daddr(skb, opt);
>  	const struct in6_addr *saddr = &hdr->saddr;
> -	const struct in6_addr *daddr = &hdr->daddr;
>  	struct udphdr *uh = (struct udphdr *)(skb->data+offset);
>  	bool tunnel = false;
>  	struct sock *sk;
> 

I was thinking something like:

	const struct in6_addr *daddr

	daddr = seg6_get_daddr(skb, opt) ? : &hdr->daddr;

where seg6_get_daddr returns NULL if it is not returning an address due
to SR6 and in that case the lookup uses the daddr from the ipv6 hdr.
That keeps the SR6 logic independent.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ