lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230407200319.72fd763f@kernel.org>
Date:   Fri, 7 Apr 2023 20:03:19 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     <yang.yang29@....com.cn>
Cc:     <davem@...emloft.net>, <edumazet@...gle.com>, <pabeni@...hat.com>,
        <roopa@...dia.com>, <linux-kernel@...r.kernel.org>,
        <netdev@...r.kernel.org>, <bridge@...ts.linux-foundation.org>,
        <zhang.yunkai@....com.cn>, <jiang.xuexin@....com.cn>
Subject: Re: [PATCH net-next] net/bridge: add drop reasons for bridge
 forwarding

On Thu, 6 Apr 2023 19:30:34 +0800 (CST) yang.yang29@....com.cn wrote:
> From: xu xin <xu.xin16@....com.cn>
> 
> This creates six drop reasons as follows, which will help users know the
> specific reason why bridge drops the packets when forwarding.
> 
> 1) SKB_DROP_REASON_BRIDGE_FWD_NO_BACKUP_PORT: failed to get a backup
>    port link when the destination port is down.
> 
> 2) SKB_DROP_REASON_BRIDGE_FWD_SAME_PORT: destination port is the same
>    with originating port when forwarding by a bridge.
> 
> 3) SKB_DROP_REASON_BRIDGE_NON_FORWARDING_STATE: the bridge's state is
>    not forwarding.
> 
> 4) SKB_DROP_REASON_BRIDGE_NOT_ALLOWED_EGRESS: the packet is not allowed
>    to go out through the port due to vlan filtering.
> 
> 5) SKB_DROP_REASON_BRIDGE_SWDEV_NOT_ALLOWED_EGRESS: the packet is not
>    allowed to go out through the port which is offloaded by a hardware
>    switchdev, checked by nbp_switchdev_allowed_egress().
> 
> 6) SKB_DROP_REASON_BRIDGE_BOTH_PORT_ISOLATED: both source port and dest
>    port are in BR_ISOLATED state when bridge forwarding.

> @@ -338,6 +344,33 @@ enum skb_drop_reason {
>  	 * for another host.
>  	 */
>  	SKB_DROP_REASON_IPV6_NDISC_NS_OTHERHOST,
> +	/** @SKB_DROP_REASON_BRIDGE_FWD_NO_BACKUP_PORT: failed to get a backup
> +	 * port link when the destination port is down.
> +	 */

That's not valid kdoc. Text can be on the same line as the value only
in one-line comments. Otherwise:
	/**
	 * @VALUE: bla bla bla
	 *	more blas.
	 */

> +static inline bool should_deliver(const struct net_bridge_port *p, const struct sk_buff *skb,
> +					 enum skb_drop_reason *need_reason)
>  {
>  	struct net_bridge_vlan_group *vg;
> +	enum skb_drop_reason reason;
> 
>  	vg = nbp_vlan_group_rcu(p);
> -	return ((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) &&
> -		p->state == BR_STATE_FORWARDING && br_allowed_egress(vg, skb) &&
> -		nbp_switchdev_allowed_egress(p, skb) &&
> -		!br_skb_isolated(p, skb);
> +	if (!(p->flags & BR_HAIRPIN_MODE) && skb->dev == p->dev) {
> +		reason = SKB_DROP_REASON_BRIDGE_FWD_SAME_PORT;
> +		goto undeliverable;
> +	}
> +	if (p->state != BR_STATE_FORWARDING) {
> +		reason = SKB_DROP_REASON_BRIDGE_NON_FORWARDING_STATE;
> +		goto undeliverable;
> +	}
> +	if (!br_allowed_egress(vg, skb)) {
> +		reason = SKB_DROP_REASON_BRIDGE_NOT_ALLOWED_EGRESS;
> +		goto undeliverable;
> +	}
> +	if (!nbp_switchdev_allowed_egress(p, skb)) {
> +		reason = SKB_DROP_REASON_BRIDGE_SWDEV_NOT_ALLOWED_EGRESS;
> +		goto undeliverable;
> +	}
> +	if (br_skb_isolated(p, skb)) {
> +		reason = SKB_DROP_REASON_BRIDGE_BOTH_PORT_ISOLATED;
> +		goto undeliverable;
> +	}
> +	return true;
> +
> +undeliverable:
> +	if (need_reason)
> +		*need_reason = reason;
> +	return false;

You can return the reason from this function. That's the whole point of
SKB_NOT_DROPPED_YET existing and being equal to 0.

Which is not to say that I know whether the reasons are worth adding
here. We'll need to hear from bridge experts on that.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ