lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20251120163342.30312-1-justin.iurman@uliege.be>
Date: Thu, 20 Nov 2025 17:33:42 +0100
From: Justin Iurman <justin.iurman@...ege.be>
To: davem@...emloft.net,
	justin.iurman@...ege.be
Cc: netdev@...r.kernel.org,
	Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>
Subject: [PATCH net] uapi: ioam6: adjust the maximum size of a schema

With IPv6, the maximum size of the IOAM Pre-allocated Trace is 244 bytes
(see IOAM6_TRACE_DATA_SIZE_MAX), due to IPv6 Options length constraint.
However, RFC9197 defines the Opaque State Snapshot (i.e., a data field
that may be added by IOAM nodes in the pre-allocated trace) as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Length      |                     Schema ID                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   ~                        Opaque data                            ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:
      1-octet unsigned integer.  It is the length in multiples of 4
      octets of the Opaque data field that follows Schema ID.

   Schema ID:
      3-octet unsigned integer identifying the schema of Opaque data.

   Opaque data:
      Variable-length field.  This field is interpreted as specified by
      the schema identified by the Schema ID.

Based on that, IOAM6_MAX_SCHEMA_DATA_LEN was initially set to 1020 bytes
(i.e., 255 * 4), which is already bigger than what is allowed in a
pre-allocated trace. As a result, if the Opaque State Snapshot (i.e.,
schema) configured on an IOAM node exceeds 244 bytes, it would just
skip the insertion of its data. This patch sets a more realistic
boundary to avoid any confusion. Now, IOAM6_MAX_SCHEMA_DATA_LEN is set
to 240 bytes (i.e., IOAM6_TRACE_DATA_SIZE_MAX - 4, to account for its
4-byte header).

Fixes: 8c6f6fa67726 ("ipv6: ioam: IOAM Generic Netlink API")
Signed-off-by: Justin Iurman <justin.iurman@...ege.be>
---
Cc: Jakub Kicinski <kuba@...nel.org>
Cc: Paolo Abeni <pabeni@...hat.com>
---
 include/uapi/linux/ioam6_genl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/uapi/linux/ioam6_genl.h b/include/uapi/linux/ioam6_genl.h
index 1733fbc51fb5..ce3d8bdabd3b 100644
--- a/include/uapi/linux/ioam6_genl.h
+++ b/include/uapi/linux/ioam6_genl.h
@@ -19,7 +19,7 @@ enum {
 	IOAM6_ATTR_NS_DATA,	/* u32 */
 	IOAM6_ATTR_NS_DATA_WIDE,/* u64 */
 
-#define IOAM6_MAX_SCHEMA_DATA_LEN (255 * 4)
+#define IOAM6_MAX_SCHEMA_DATA_LEN 240
 	IOAM6_ATTR_SC_ID,	/* u32 */
 	IOAM6_ATTR_SC_DATA,	/* Binary */
 	IOAM6_ATTR_SC_NONE,	/* Flag */
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ