lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAM0EoM=jDt_CeCop82aH=Fch+4M9QawX4aQdKdiUCsdFzuC2rQ@mail.gmail.com>
Date: Tue, 25 Nov 2025 11:20:52 -0500
From: Jamal Hadi Salim <jhs@...atatu.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: davem@...emloft.net, edumazet@...gle.com, pabeni@...hat.com, 
	jiri@...nulli.us, xiyou.wangcong@...il.com, netdev@...r.kernel.org, 
	dcaratti@...hat.com
Subject: Re: [PATCH net-next 1/2] net/sched: act_mirred: Fix infinite loop

On Mon, Nov 24, 2025 at 5:51 PM Jakub Kicinski <kuba@...nel.org> wrote:
>
> On Mon, 24 Nov 2025 15:08:24 -0500 Jamal Hadi Salim wrote:
> > When doing multiport mirroring we dont detect infinite loops.
> >
> > Example (see the first accompanying tdc test):
> > packet showing up on port0 ingress mirred redirect --> port1 egress
> > packet showing up on port1 egress mirred redirect --> port0 ingress
> >
> > Example 2 (see the second accompanying tdc test)
> > port0 egress --> port1 ingress --> port0 egress
> >
> > Fix this by remembering the source dev where mirred ran as opposed to
> > destination/target dev
> >
> > Fixes: fe946a751d9b ("net/sched: act_mirred: add loop detection")
> > Signed-off-by: Jamal Hadi Salim <jhs@...atatu.com>
>
> Hm, this breaks net/fib_tests.sh:
>
> # 23.80 [+0.00] IPv4 rp_filter tests
> # 25.63 [+1.84]     TEST: rp_filter passes local packets                                [FAIL]
> # 26.65 [+1.02]     TEST: rp_filter passes loopback packets                             [FAIL]
>
> https://netdev-3.bots.linux.dev/vmksft-net/results/400301/10-fib-tests-sh/stdout
>
> Not making a statement on whether the fix itself is acceptable
> but if it is we gotta fix that test too..

Sigh. I will look into it later.
Note: Fixing this (and the netem loop issue) would have been trivial
if we had those two skb ttl fields that were taken away.
The human hours spent trying to detect and prevent infinite loops!

cheers,
jamal

> --
> pw-bot: cr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ