| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230711065903.3671956-1-idosch@nvidia.com>
Date: Tue, 11 Jul 2023 09:59:03 +0300
From: Ido Schimmel <idosch@...dia.com>
To: <netdev@...r.kernel.org>
CC: <stephen@...workplumber.org>, <dsahern@...il.com>, <petrm@...dia.com>,
<lukasz.czapnik@...el.com>, Ido Schimmel <idosch@...dia.com>
Subject: [PATCH iproute2] f_flower: Treat port 0 as valid
It is not currently possible to add a filter matching on port 0 despite
it being a valid port number. This is caused by cited commit which
treats a value of 0 as an indication that the port was not specified.
Instead of inferring that a port range was specified by checking that both
the minimum and the maximum ports are non-zero, simply add a boolean
argument to parse_range() and set it after parsing a port range.
Before:
# tc filter add dev swp1 ingress pref 1 proto ip flower ip_proto udp src_port 0 action pass
Illegal "src_port"
# tc filter add dev swp1 ingress pref 2 proto ip flower ip_proto udp dst_port 0 action pass
Illegal "dst_port"
# tc filter add dev swp1 ingress pref 3 proto ip flower ip_proto udp src_port 0-100 action pass
Illegal "src_port"
# tc filter add dev swp1 ingress pref 4 proto ip flower ip_proto udp dst_port 0-100 action pass
Illegal "dst_port"
After:
# tc filter add dev swp1 ingress pref 1 proto ip flower ip_proto udp src_port 0 action pass
# tc filter add dev swp1 ingress pref 2 proto ip flower ip_proto udp dst_port 0 action pass
# tc filter add dev swp1 ingress pref 3 proto ip flower ip_proto udp src_port 0-100 action pass
# tc filter add dev swp1 ingress pref 4 proto ip flower ip_proto udp dst_port 0-100 action pass
# tc filter show dev swp1 ingress | grep _port
src_port 0
dst_port 0
src_port 0-100
dst_port 0-100
Fixes: 767b6fd620dd ("tc: flower: fix port value truncation")
Signed-off-by: Ido Schimmel <idosch@...dia.com>
Reviewed-by: Petr Machata <petrm@...dia.com>
---
tc/f_flower.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/tc/f_flower.c b/tc/f_flower.c
index c71394f753a6..737df199acf8 100644
--- a/tc/f_flower.c
+++ b/tc/f_flower.c
@@ -735,7 +735,7 @@ static int flower_port_range_attr_type(__u8 ip_proto, enum flower_endpoint type,
}
/* parse range args in format 10-20 */
-static int parse_range(char *str, __be16 *min, __be16 *max)
+static int parse_range(char *str, __be16 *min, __be16 *max, bool *p_is_range)
{
char *sep;
@@ -748,6 +748,8 @@ static int parse_range(char *str, __be16 *min, __be16 *max)
if (get_be16(max, sep + 1, 10))
return -1;
+
+ *p_is_range = true;
} else {
if (get_be16(min, str, 10))
return -1;
@@ -759,19 +761,20 @@ static int flower_parse_port(char *str, __u8 ip_proto,
enum flower_endpoint endpoint,
struct nlmsghdr *n)
{
+ bool is_range = false;
char *slash = NULL;
__be16 min = 0;
__be16 max = 0;
int ret;
- ret = parse_range(str, &min, &max);
+ ret = parse_range(str, &min, &max, &is_range);
if (ret) {
slash = strchr(str, '/');
if (!slash)
return -1;
}
- if (min && max) {
+ if (is_range) {
__be16 min_port_type, max_port_type;
if (ntohs(max) <= ntohs(min)) {
@@ -784,7 +787,7 @@ static int flower_parse_port(char *str, __u8 ip_proto,
addattr16(n, MAX_MSG, min_port_type, min);
addattr16(n, MAX_MSG, max_port_type, max);
- } else if (slash || (min && !max)) {
+ } else {
int type;
type = flower_port_attr_type(ip_proto, endpoint);
@@ -802,8 +805,6 @@ static int flower_parse_port(char *str, __u8 ip_proto,
return -1;
return flower_parse_u16(str, type, mask_type, n, true);
}
- } else {
- return -1;
}
return 0;
}
--
2.40.1
Powered by blists - more mailing lists