| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6d950048-4647-4e10-a4db-7c53d0cfabd9@kernel.org>
Date: Fri, 21 Nov 2025 09:38:13 -0700
From: David Ahern <dsahern@...nel.org>
To: Justin Iurman <justin.iurman@...ege.be>, davem@...emloft.net
Cc: netdev@...r.kernel.org, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>
Subject: Re: [PATCH net] uapi: ioam6: adjust the maximum size of a schema
On 11/21/25 2:23 AM, Justin Iurman wrote:
> On 11/20/25 17:33, Justin Iurman wrote:
>> With IPv6, the maximum size of the IOAM Pre-allocated Trace is 244 bytes
>> (see IOAM6_TRACE_DATA_SIZE_MAX), due to IPv6 Options length constraint.
>> However, RFC9197 defines the Opaque State Snapshot (i.e., a data field
>> that may be added by IOAM nodes in the pre-allocated trace) as follows:
>>
>> 0 1 2 3
>> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> | Length | Schema ID |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> | |
>> ~ Opaque data ~
>> | |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>
>> Length:
>> 1-octet unsigned integer. It is the length in multiples of 4
>> octets of the Opaque data field that follows Schema ID.
>>
>> Schema ID:
>> 3-octet unsigned integer identifying the schema of Opaque data.
>>
>> Opaque data:
>> Variable-length field. This field is interpreted as specified by
>> the schema identified by the Schema ID.
>>
>> Based on that, IOAM6_MAX_SCHEMA_DATA_LEN was initially set to 1020 bytes
>> (i.e., 255 * 4), which is already bigger than what is allowed in a
>> pre-allocated trace. As a result, if the Opaque State Snapshot (i.e.,
>> schema) configured on an IOAM node exceeds 244 bytes, it would just
>> skip the insertion of its data. This patch sets a more realistic
>> boundary to avoid any confusion. Now, IOAM6_MAX_SCHEMA_DATA_LEN is set
>> to 240 bytes (i.e., IOAM6_TRACE_DATA_SIZE_MAX - 4, to account for its
>> 4-byte header).
>>
>> Fixes: 8c6f6fa67726 ("ipv6: ioam: IOAM Generic Netlink API")
>> Signed-off-by: Justin Iurman <justin.iurman@...ege.be>
>> ---
>> Cc: Jakub Kicinski <kuba@...nel.org>
>> Cc: Paolo Abeni <pabeni@...hat.com>
>> ---
>> include/uapi/linux/ioam6_genl.h | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/include/uapi/linux/ioam6_genl.h
>> b/include/uapi/linux/ioam6_genl.h
>> index 1733fbc51fb5..ce3d8bdabd3b 100644
>> --- a/include/uapi/linux/ioam6_genl.h
>> +++ b/include/uapi/linux/ioam6_genl.h
>> @@ -19,7 +19,7 @@ enum {
>> IOAM6_ATTR_NS_DATA, /* u32 */
>> IOAM6_ATTR_NS_DATA_WIDE,/* u64 */
>> -#define IOAM6_MAX_SCHEMA_DATA_LEN (255 * 4)
>> +#define IOAM6_MAX_SCHEMA_DATA_LEN 240
>> IOAM6_ATTR_SC_ID, /* u32 */
>> IOAM6_ATTR_SC_DATA, /* Binary */
>> IOAM6_ATTR_SC_NONE, /* Flag */
>
> So, just to clarify, I know such changes in the uapi are generally
> prohibited. However, in this specific context, I don't believe it breaks
> backward compatibility (IMO). But I may be wrong...
>
> Adding David to get his opinion from iproute2's point of view.
>
> If we don't want to go that way, the alternative solution is to submit a
> patch to net-next that adds a new constant IOAM6_MAX_SCHEMA_DATA_LEN_NEW
> (=240) and a comment "/* Deprecated */" next to
> IOAM6_MAX_SCHEMA_DATA_LEN. Then, submit a patch to iproute2-next to use
> IOAM6_MAX_SCHEMA_DATA_LEN_NEW instead of IOAM6_MAX_SCHEMA_DATA_LEN.
It's been 4+ years since 8c6f6fa67726 went in; I think that is way too
long to try to make a change to the uapi like this.
Powered by blists - more mailing lists