| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aNayt5IBiX1Vegbr@horms.kernel.org>
Date: Fri, 26 Sep 2025 16:35:19 +0100
From: Simon Horman <horms@...nel.org>
To: Daniel Zahka <daniel.zahka@...il.com>
Cc: Jakub Kicinski <kuba@...nel.org>, Andrew Lunn <andrew+netdev@...n.ch>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
Shuah Khan <shuah@...nel.org>,
Willem de Bruijn <willemb@...gle.com>,
Breno Leitao <leitao@...ian.org>, Petr Machata <petrm@...dia.com>,
Yuyang Huang <yuyanghuang@...gle.com>,
Xiao Liang <shaw.leon@...il.com>,
Carolina Jubran <cjubran@...dia.com>,
Donald Hunter <donald.hunter@...il.com>, netdev@...r.kernel.org
Subject: Re: [PATCH net-next 1/9] netdevsim: a basic test PSP implementation
On Wed, Sep 24, 2025 at 12:49:47PM -0700, Daniel Zahka wrote:
> From: Jakub Kicinski <kuba@...nel.org>
>
> Provide a PSP implementation for netdevsim.
>
> Use psp_dev_encapsulate() and psp_dev_rcv() to do actual encapsulation
> and decapsulation on skbs, but perform no encryption or decryption. In
> order to make encryption with a bad key result in a drop on the peer's
> rx side, we stash our psd's generation number in the first byte of each
> key before handing to the peer.
>
> Signed-off-by: Jakub Kicinski <kuba@...nel.org>
> Co-developed-by: Daniel Zahka <daniel.zahka@...il.com>
> Signed-off-by: Daniel Zahka <daniel.zahka@...il.com>
...
> diff --git a/drivers/net/netdevsim/psp.c b/drivers/net/netdevsim/psp.c
> new file mode 100644
> index 000000000000..cb568f89eb3e
> --- /dev/null
> +++ b/drivers/net/netdevsim/psp.c
> @@ -0,0 +1,218 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +
> +#include <linux/ip.h>
> +#include <linux/skbuff.h>
> +#include <net/ip6_checksum.h>
> +#include <net/psp.h>
> +#include <net/sock.h>
> +
> +#include "netdevsim.h"
> +
> +enum skb_drop_reason
> +nsim_do_psp(struct sk_buff *skb, struct netdevsim *ns,
> + struct netdevsim *peer_ns, struct skb_ext **psp_ext)
> +{
...
> + } else {
> + struct ipv6hdr *ip6h;
> + struct iphdr *iph;
> + struct udphdr *uh;
> + __wsum csum;
> +
> + /* Do not decapsulate. Receive the skb with the udp and psp
> + * headers still there as if this is a normal udp packet.
> + * psp_dev_encapsulate() sets udp checksum to 0, so we need to
> + * provide a valid checksum here, so the skb isn't dropped.
> + */
> + uh = udp_hdr(skb);
> + csum = skb_checksum(skb, skb_transport_offset(skb),
> + ntohs(uh->len), 0);
> +
> + switch (skb->protocol) {
> + case htons(ETH_P_IP):
> + iph = ip_hdr(skb);
> + uh->check = udp_v4_check(ntohs(uh->len), iph->saddr,
> + iph->daddr, csum);
> + break;
> +#if IS_ENABLED(CONFIG_IPV6)
> + case htons(ETH_P_IPV6):
> + ip6h = ipv6_hdr(skb);
ip6h is only used here. Which means that if CONFIG_IPV6 is not set then
compilers - e.g GCC 15.2.0 and Clang 21.1.1 - will warn when run with
-Wunused-variable.
Maybe no one cares. But if the scope of ip6h was reduced to here,
say by making this a block (using {}) and declaring iph6 inside it,
or using a helper, then things might be a bit cleaner.
> + uh->check = udp_v6_check(ntohs(uh->len), &ip6h->saddr,
> + &ip6h->daddr, csum);
> + break;
> +#endif
> + }
> +
> + uh->check = uh->check ?: CSUM_MANGLED_0;
> + skb->ip_summed = CHECKSUM_NONE;
> + }
> +
> +out_unlock:
> + rcu_read_unlock();
> + return rc;
> +}
...
Powered by blists - more mailing lists