| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20241015140800.159466-1-dongml2@chinatelecom.cn> Date: Tue, 15 Oct 2024 22:07:50 +0800 From: Menglong Dong <menglong8.dong@...il.com> To: pabeni@...hat.com Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, dsahern@...nel.org, pablo@...filter.org, kadlec@...filter.org, roopa@...dia.com, razor@...ckwall.org, gnault@...hat.com, bigeasy@...utronix.de, idosch@...dia.com, ast@...nel.org, dongml2@...natelecom.cn, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, netfilter-devel@...r.kernel.org, coreteam@...filter.org, bridge@...ts.linux.dev, bpf@...r.kernel.org Subject: [PATCH net-next v3 00/10] net: ip: add drop reasons to input route In this series, we mainly add some skb drop reasons to the input path of ip routing, and we make the following functions return drop reasons: fib_validate_source() ip_route_input_mc() ip_mc_validate_source() ip_route_input_slow() ip_route_input_rcu() ip_route_input_noref() ip_route_input() ip_mkroute_input() __mkroute_input() ip_route_use_hint() In order to make fib_validate_source() return drop reasons, we do some refactoring to fib_validate_source() and __fib_validate_source(). The main idea is to combine fib_validate_source() into __fib_validate_source() and make fib_validate_source() an inline call to __fib_validate_source() in the 1st patch. And following new skb drop reasons are added: SKB_DROP_REASON_IP_LOCAL_SOURCE SKB_DROP_REASON_IP_INVALID_SOURCE SKB_DROP_REASON_IP_LOCALNET SKB_DROP_REASON_IP_INVALID_DEST Changes since v2: - refactor fib_validate_source and __fib_validate_source to make fib_validate_source return drop reasons - add the 9th and 10th patches to make this series cover the input route code path Changes since v1: - make ip_route_input_noref/ip_route_input_rcu/ip_route_input_slow return drop reasons, instead of passing a local variable to their function arguments. Menglong Dong (10): net: ip: refactor fib_validate_source/__fib_validate_source net: ip: make fib_validate_source() return drop reason net: ip: make ip_route_input_mc() return drop reason net: ip: make ip_mc_validate_source() return drop reason net: ip: make ip_route_input_slow() return drop reasons net: ip: make ip_route_input_rcu() return drop reasons net: ip: make ip_route_input_noref() return drop reasons net: ip: make ip_route_input() return drop reasons net: ip: make ip_mkroute_input/__mkroute_input return drop reasons net: ip: make ip_route_use_hint() return drop reasons include/net/dropreason-core.h | 26 ++++ include/net/ip_fib.h | 18 ++- include/net/route.h | 34 ++--- net/bridge/br_netfilter_hooks.c | 11 +- net/core/lwt_bpf.c | 1 + net/ipv4/fib_frontend.c | 81 ++++++------ net/ipv4/icmp.c | 1 + net/ipv4/ip_fragment.c | 12 +- net/ipv4/ip_input.c | 20 ++- net/ipv4/route.c | 212 ++++++++++++++++++-------------- 10 files changed, 245 insertions(+), 171 deletions(-) -- 2.39.5
Powered by blists - more mailing lists