lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <16cb992b-f695-0388-25cc-8e41f33b0ee9@kernel.org>
Date:   Fri, 8 Apr 2022 22:17:30 -0600
From:   David Ahern <dsahern@...nel.org>
To:     menglong8.dong@...il.com, kuba@...nel.org, pabeni@...hat.com
Cc:     rostedt@...dmis.org, mingo@...hat.com, xeb@...l.ru,
        davem@...emloft.net, yoshfuji@...ux-ipv6.org,
        imagedong@...cent.com, edumazet@...gle.com, kafai@...com,
        talalahmad@...gle.com, keescook@...omium.org, alobakin@...me,
        flyingpeng@...cent.com, mengensun@...cent.com,
        dongli.zhang@...cle.com, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org, benbjiang@...cent.com
Subject: Re: [PATCH RESEND net-next v5 4/4] net: icmp: add skb drop reasons to
 icmp protocol

On 4/7/22 12:20 AM, menglong8.dong@...il.com wrote:
> From: Menglong Dong <imagedong@...cent.com>
> 
> Replace kfree_skb() used in icmp_rcv() and icmpv6_rcv() with
> kfree_skb_reason().
> 
> In order to get the reasons of the skb drops after icmp message handle,
> we change the return type of 'handler()' in 'struct icmp_control' from
> 'bool' to 'enum skb_drop_reason'. This may change its original
> intention, as 'false' means failure, but 'SKB_NOT_DROPPED_YET' means
> success now. Therefore, all 'handler' and the call of them need to be
> handled. Following 'handler' functions are involved:
> 
> icmp_unreach()
> icmp_redirect()
> icmp_echo()
> icmp_timestamp()
> icmp_discard()
> 
> And following new drop reasons are added:
> 
> SKB_DROP_REASON_ICMP_CSUM
> SKB_DROP_REASON_INVALID_PROTO
> 
> The reason 'INVALID_PROTO' is introduced for the case that the packet
> doesn't follow rfc 1122 and is dropped. This is not a common case, and
> I believe we can locate the problem from the data in the packet. For now,
> this 'INVALID_PROTO' is used for the icmp broadcasts with wrong types.
> 
> Maybe there should be a document file for these reasons. For example,
> list all the case that causes the 'UNHANDLED_PROTO' and 'INVALID_PROTO'
> drop reason. Therefore, users can locate their problems according to the
> document.
> 
> Reviewed-by: Hao Peng <flyingpeng@...cent.com>
> Reviewed-by: Jiang Biao <benbjiang@...cent.com>
> Signed-off-by: Menglong Dong <imagedong@...cent.com>
> ---
> v5:
> - rename SKB_DROP_REASON_RFC_1122 to SKB_DROP_REASON_INVALID_PROTO
> 
> v4:
> - remove SKB_DROP_REASON_ICMP_TYPE and SKB_DROP_REASON_ICMP_BROADCAST
>   and introduce the SKB_DROP_REASON_RFC_1122
> ---
>  include/linux/skbuff.h     |  5 +++
>  include/net/ping.h         |  2 +-
>  include/trace/events/skb.h |  2 +
>  net/ipv4/icmp.c            | 75 ++++++++++++++++++++++----------------
>  net/ipv4/ping.c            | 14 ++++---
>  net/ipv6/icmp.c            | 24 +++++++-----
>  6 files changed, 75 insertions(+), 47 deletions(-)
> 

Reviewed-by: David Ahern <dsahern@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ