| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <86d785cd-41de-484d-ae17-ffdb4aa9393e@redhat.com>
Date: Mon, 21 Oct 2024 12:03:05 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: Menglong Dong <menglong8.dong@...il.com>
Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
dsahern@...nel.org, pablo@...filter.org, kadlec@...filter.org,
roopa@...dia.com, razor@...ckwall.org, gnault@...hat.com,
bigeasy@...utronix.de, idosch@...dia.com, ast@...nel.org,
dongml2@...natelecom.cn, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, netfilter-devel@...r.kernel.org,
coreteam@...filter.org, bridge@...ts.linux.dev, bpf@...r.kernel.org
Subject: Re: [PATCH net-next v3 01/10] net: ip: refactor
fib_validate_source/__fib_validate_source
On 10/15/24 16:07, Menglong Dong wrote:
> @@ -352,6 +353,28 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
> struct flowi4 fl4;
> bool dev_match;
>
> + /* Ignore rp_filter for packets protected by IPsec. */
> + if (!rpf && !fib_num_tclassid_users(net) &&
> + (dev->ifindex != oif || !IN_DEV_TX_REDIRECTS(idev))) {
> + if (IN_DEV_ACCEPT_LOCAL(idev))
> + goto last_resort;
IMHO the re-usage of the 'last_resort' macro makes the patch a little
hard to read, as this is an 'accept' condition. I think it would be
better to retain the original code. If you really want to avoid the
small duplication, you could instead introduce an 'ok' label towards the
end of this function:
last_resort:
if (rpf)
goto e_rpf;
ok:
*itag = 0;
return 0;
And jump there.
Thanks,
Paolo
Powered by blists - more mailing lists