lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220103171132.93456-1-andrew@lunn.ch> Date: Mon, 3 Jan 2022 18:11:29 +0100 From: Andrew Lunn <andrew@...n.ch> To: David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org> Cc: Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>, David Ahern <dsahern@...nel.org>, Willem de Bruijn <willemb@...gle.com>, James Prestwood <prestwoj@...il.com>, Justin Iurman <justin.iurman@...ege.be>, Praveen Chaudhary <praveen5582@...il.com>, "Jason A . Donenfeld" <Jason@...c4.com>, Eric Dumazet <edumazet@...gle.com>, netdev <netdev@...r.kernel.org>, Andrew Lunn <andrew@...n.ch> Subject: [PATCH v5 net-next 0/3] Fix traceroute in the presence of SRv6 When using SRv6 the destination IP address in the IPv6 header is not always the true destination, it can be a router along the path that SRv6 is using. When ICMP reports an error, e.g, time exceeded, which is what traceroute uses, it included the packet which invoked the error into the ICMP message body. Upon receiving such an ICMP packet, the invoking packet is examined and an attempt is made to find the socket which sent the packet, so the error can be reported. Lookup is performed using the source and destination address. If the intermediary router IP address from the IP header is used, the lookup fails. It is necessary to dig into the header and find the true destination address in the Segment Router header, SRH. v2: Play games with the skb->network_header rather than clone the skb v3: Move helpers into seg6.c v4: Move short helper into header file. Rework getting SRH destination address v5: Fix comment to describe function, not caller Patch 1 exports a helper which can find the SRH in a packet Patch 2 does the actual examination of the invoking packet Patch 3 makes use of the results when trying to find the socket. Andrew Lunn (3): seg6: export get_srh() for ICMP handling icmp: ICMPV6: Examine invoking packet for Segment Route Headers. udp6: Use Segment Routing Header for dest address if present include/linux/ipv6.h | 2 ++ include/net/seg6.h | 21 +++++++++++++++ net/ipv6/icmp.c | 6 ++++- net/ipv6/seg6.c | 59 +++++++++++++++++++++++++++++++++++++++++++ net/ipv6/seg6_local.c | 33 ++---------------------- net/ipv6/udp.c | 3 ++- 6 files changed, 91 insertions(+), 33 deletions(-) -- 2.34.1
Powered by blists - more mailing lists