lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250627152934.6379eefc@kernel.org>
Date: Fri, 27 Jun 2025 15:29:34 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Nicolas Dichtel <nicolas.dichtel@...nd.com>
Cc: "David S . Miller" <davem@...emloft.net>, Paolo Abeni
 <pabeni@...hat.com>, Eric Dumazet <edumazet@...gle.com>, Simon Horman
 <horms@...nel.org>, netdev@...r.kernel.org
Subject: Re: [PATCH net-next v2] ip6_tunnel: enable to change proto of fb
 tunnels

On Thu, 26 Jun 2025 23:55:09 +0200 Nicolas Dichtel wrote:
> I finally checked  all params, let's do this properly (:

Nice :)

> -static void ip6_tnl0_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p)
> +static int ip6_tnl0_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p,
> +			   bool strict)
>  {
> -	/* for default tnl0 device allow to change only the proto */
> +	/* For the default ip6tnl0 device, allow changing only the protocol (the

nit: the "(the" may look better on the next line?

> +	 * IP6_TNL_F_CAP_PER_PACKET flag is set on ip6tnl0, and all other
> +	 * parameters are 0).
> +	 */
> +	if (strict &&
> +	    (!ipv6_addr_any(&p->laddr) || !ipv6_addr_any(&p->raddr) ||
> +	     p->flags != t->parms.flags || p->hop_limit || p->encap_limit ||
> +	     p->flowinfo || p->link || p->fwmark || p->collect_md))
> +		return -EINVAL;
> +
>  	t->parms.proto = p->proto;
>  	netdev_state_change(t->dev);
> +	return 0;
>  }
>  
>  static void
> @@ -1680,7 +1691,7 @@ ip6_tnl_siocdevprivate(struct net_device *dev, struct ifreq *ifr,
>  			} else
>  				t = netdev_priv(dev);
>  			if (dev == ip6n->fb_tnl_dev)
> -				ip6_tnl0_update(t, &p1);
> +				ip6_tnl0_update(t, &p1, false);
>  			else
>  				ip6_tnl_update(t, &p1);
>  		}
> @@ -2053,8 +2064,31 @@ static int ip6_tnl_changelink(struct net_device *dev, struct nlattr *tb[],
>  	struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
>  	struct ip_tunnel_encap ipencap;
>  
> -	if (dev == ip6n->fb_tnl_dev)
> -		return -EINVAL;
> +	if (dev == ip6n->fb_tnl_dev) {
> +		struct ip6_tnl *t = netdev_priv(ip6n->fb_tnl_dev);

the compiler complains that t is declared here but not used..

> +
> +		if (ip_tunnel_netlink_encap_parms(data, &ipencap)) {
> +			/* iproute2 always sets TUNNEL_ENCAP_FLAG_CSUM6, so
> +			 * let's ignore this flag.
> +			 */
> +			ipencap.flags &= ~TUNNEL_ENCAP_FLAG_CSUM6;
> +			if (memchr_inv(&ipencap, 0, sizeof(ipencap))) {
> +				NL_SET_ERR_MSG(extack,
> +					       "Only protocol can be changed for fallback tunnel, not encap params");
> +				return -EINVAL;
> +			}
> +		}
> +
> +		ip6_tnl_netlink_parms(data, &p);
> +		if (ip6_tnl0_update(netdev_priv(ip6n->fb_tnl_dev), &p,

.. you probably meant to use it here?
-- 
pw-bot: cr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ