Date:   Fri, 3 Dec 2021 09:49:56 -0700
From:   David Ahern <dsahern@...il.com>
To:     Andrew Lunn <andrew@...n.ch>, David Miller <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>
Cc:     Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        David Ahern <dsahern@...nel.org>,
        Willem de Bruijn <willemb@...gle.com>,
        James Prestwood <prestwoj@...il.com>,
        Justin Iurman <justin.iurman@...ege.be>,
        Praveen Chaudhary <praveen5582@...il.com>,
        "Jason A . Donenfeld" <Jason@...c4.com>,
        Eric Dumazet <edumazet@...gle.com>,
        netdev <netdev@...r.kernel.org>
Subject: Re: [[PATCH net-next v3] 3/3] udp6: Use Segment Routing Header for
 dest address if present

On 12/3/21 9:29 AM, Andrew Lunn wrote:
> diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c
> index 73aaabf0e966..4fd7d3793c1b 100644
> --- a/net/ipv6/seg6.c
> +++ b/net/ipv6/seg6.c
> @@ -134,6 +134,27 @@ void seg6_icmp_srh(struct sk_buff *skb, struct inet6_skb_parm *opt)
>  	skb->network_header = network_header;
>  }
>  
> +/* If the packet which invoked an ICMP error contains an SRH return
> + * the true destination address from within the SRH, otherwise use the
> + * destination address in the IP header.
> + */
> +const struct in6_addr *seg6_get_daddr(struct sk_buff *skb,
> +				      struct inet6_skb_parm *opt)
> +{
> +	/* ipv6_hdr() does not work here, since this IP header is
> +	 * nested inside an ICMP error report packet
> +	 */
> +	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
> +	struct ipv6_sr_hdr *srh;
> +
> +	if (opt->flags & IP6SKB_SEG6) {
> +		srh = (struct ipv6_sr_hdr *)(skb->data + opt->srhoff);
> +		return  &srh->segments[0];
> +	}
> +
> +	return &hdr->daddr;
> +}
> +
>  static struct genl_family seg6_genl_family;
>  
>  static const struct nla_policy seg6_genl_policy[SEG6_ATTR_MAX + 1] = {
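Review bot: seg6_get_daddr() dereferences srh->segments[0] at skb->data + opt->srhoff with no check in this function that the SRH and its first segment lie inside the linear data of the nested packet; the only gate is the IP6SKB_SEG6 flag. If the code that sets that flag and opt->srhoff has already validated the header length, say so in the comment above the function, otherwise add the length check here. The comment could also state that segments[0] is the last entry of the segment list, i.e. the final destination of the path, since "true destination address" leaves that implicit. Minor: `return  &srh->segments[0];` has a double space, and skb and opt are only read, so both parameters could be const.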
> diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
> index 6a0e569f0bb8..47125d83920a 100644
> --- a/net/ipv6/udp.c
> +++ b/net/ipv6/udp.c
> @@ -40,6 +40,7 @@
>  #include <net/transp_v6.h>
>  #include <net/ip6_route.h>
>  #include <net/raw.h>
> +#include <net/seg6.h>
>  #include <net/tcp_states.h>
>  #include <net/ip6_checksum.h>
>  #include <net/ip6_tunnel.h>
> @@ -560,8 +561,8 @@ int __udp6_lib_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
>  {
>  	struct ipv6_pinfo *np;
>  	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
> +	const struct in6_addr *daddr = seg6_get_daddr(skb, opt);
>  	const struct in6_addr *saddr = &hdr->saddr;
> -	const struct in6_addr *daddr = &hdr->daddr;
>  	struct udphdr *uh = (struct udphdr *)(skb->data+offset);
>  	bool tunnel = false;
>  	struct sock *sk;
> 
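
Review bot: the daddr initializer in __udp6_lib_err() leaves no visible fallback to hdr->daddr in the UDP code; that case now lives inside seg6_get_daddr(), which repeats the `(const struct ipv6hdr *)skb->data` cast already held in hdr here. Keeping the non-SRH case at the call site, or adding a comment on this line that the helper returns the header's daddr when IP6SKB_SEG6 is not set, would make the socket lookup key clear to readers of udp.c. The new declaration is also inserted above saddr; leaving daddr in its original position after saddr would keep this hunk to one changed line.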

I was thinking something like:

	const struct in6_addr *daddr;

	daddr = seg6_get_daddr(skb, opt) ? : &hdr->daddr;

where seg6_get_daddr returns NULL if it is not returning an address due
to SR6 and in that case the lookup uses the daddr from the ipv6 hdr.
That keeps the SR6 logic independent.
