<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-toradex.git/net/core/flow_dissector.c, branch v3.4.103</title>
<subtitle>Linux kernel for Apalis and Colibri modules</subtitle>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/'/>
<entry>
<title>net: flow_dissector: fail on evil iph-&gt;ihl</title>
<updated>2013-11-20T18:43:18+00:00</updated>
<author>
<name>Jason Wang</name>
<email>jasowang@redhat.com</email>
</author>
<published>2013-11-01T07:01:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=161f4a458cd88dc6ab33078d64aa28315129fade'/>
<id>161f4a458cd88dc6ab33078d64aa28315129fade</id>
<content type='text'>
[ Upstream commit 6f092343855a71e03b8d209815d8c45bf3a27fcd ]

We don't validate iph-&gt;ihl which may lead a dead loop if we meet a IPIP
skb whose iph-&gt;ihl is zero. Fix this by failing immediately when iph-&gt;ihl
is evil (less than 5).

This issue were introduced by commit ec5efe7946280d1e84603389a1030ccec0a767ae
(rps: support IPIP encapsulation).

Signed-off-by: Jason Wang &lt;jasowang@redhat.com&gt;
Cc: Eric Dumazet &lt;edumazet@google.com&gt;
Cc: Petr Matousek &lt;pmatouse@redhat.com&gt;
Cc: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Cc: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Acked-by: Eric Dumazet &lt;edumazet@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 6f092343855a71e03b8d209815d8c45bf3a27fcd ]

We don't validate iph-&gt;ihl which may lead a dead loop if we meet a IPIP
skb whose iph-&gt;ihl is zero. Fix this by failing immediately when iph-&gt;ihl
is evil (less than 5).

This issue were introduced by commit ec5efe7946280d1e84603389a1030ccec0a767ae
(rps: support IPIP encapsulation).

Signed-off-by: Jason Wang &lt;jasowang@redhat.com&gt;
Cc: Eric Dumazet &lt;edumazet@google.com&gt;
Cc: Petr Matousek &lt;pmatouse@redhat.com&gt;
Cc: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Cc: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Acked-by: Eric Dumazet &lt;edumazet@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: flow_dissector: fix thoff for IPPROTO_AH</title>
<updated>2013-10-13T22:42:47+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2013-09-26T15:44:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=a4942e9911a439060c744705178b766cf3ebe51e'/>
<id>a4942e9911a439060c744705178b766cf3ebe51e</id>
<content type='text'>
[ Upstream commit b86783587b3d1d552326d955acee37eac48800f1 ]

In commit 8ed781668dd49 ("flow_keys: include thoff into flow_keys for
later usage"), we missed that existing code was using nhoff as a
temporary variable that could not always contain transport header
offset.

This is not a problem for TCP/UDP because port offset (@poff)
is 0 for these protocols.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Cc: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Cc: Nikolay Aleksandrov &lt;nikolay@redhat.com&gt;
Acked-by: Nikolay Aleksandrov &lt;nikolay@redhat.com&gt;
Acked-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit b86783587b3d1d552326d955acee37eac48800f1 ]

In commit 8ed781668dd49 ("flow_keys: include thoff into flow_keys for
later usage"), we missed that existing code was using nhoff as a
temporary variable that could not always contain transport header
offset.

This is not a problem for TCP/UDP because port offset (@poff)
is 0 for these protocols.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Cc: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Cc: Nikolay Aleksandrov &lt;nikolay@redhat.com&gt;
Acked-by: Nikolay Aleksandrov &lt;nikolay@redhat.com&gt;
Acked-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: flow_dissector.c missing include linux/export.h</title>
<updated>2012-01-24T21:03:33+00:00</updated>
<author>
<name>Jesper Dangaard Brouer</name>
<email>hawk@comx.dk</email>
</author>
<published>2012-01-24T21:03:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=c452ed70771cea3af73d21a5914989137fbd28b8'/>
<id>c452ed70771cea3af73d21a5914989137fbd28b8</id>
<content type='text'>
The file net/core/flow_dissector.c seems to be missing
including linux/export.h.

Signed-off-by: Jesper Dangaard Brouer &lt;hawk@comx.dk&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The file net/core/flow_dissector.c seems to be missing
including linux/export.h.

Signed-off-by: Jesper Dangaard Brouer &lt;hawk@comx.dk&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>flow_dissector: use a 64bit load/store</title>
<updated>2011-11-29T18:17:03+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>eric.dumazet@gmail.com</email>
</author>
<published>2011-11-28T20:30:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=4d77d2b567ec66a443792d99e96ac760991d80d0'/>
<id>4d77d2b567ec66a443792d99e96ac760991d80d0</id>
<content type='text'>
Le lundi 28 novembre 2011 à 19:06 -0500, David Miller a écrit :
&gt; From: Dimitris Michailidis &lt;dm@chelsio.com&gt;
&gt; Date: Mon, 28 Nov 2011 08:25:39 -0800
&gt;
&gt; &gt;&gt; +bool skb_flow_dissect(const struct sk_buff *skb, struct flow_keys
&gt; &gt;&gt; *flow)
&gt; &gt;&gt; +{
&gt; &gt;&gt; +	int poff, nhoff = skb_network_offset(skb);
&gt; &gt;&gt; +	u8 ip_proto;
&gt; &gt;&gt; +	u16 proto = skb-&gt;protocol;
&gt; &gt;
&gt; &gt; __be16 instead of u16 for proto?
&gt;
&gt; I'll take care of this when I apply these patches.

( CC trimmed )

Thanks David !

Here is a small patch to use one 64bit load/store on x86_64 instead of
two 32bit load/stores.

[PATCH net-next] flow_dissector: use a 64bit load/store

gcc compiler is smart enough to use a single load/store if we
memcpy(dptr, sptr, 8) on x86_64, regardless of
CONFIG_CC_OPTIMIZE_FOR_SIZE

In IP header, daddr immediately follows saddr, this wont change in the
future. We only need to make sure our flow_keys (src,dst) fields wont
break the rule.

Signed-off-by: Eric Dumazet &lt;eric.dumazet@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Le lundi 28 novembre 2011 à 19:06 -0500, David Miller a écrit :
&gt; From: Dimitris Michailidis &lt;dm@chelsio.com&gt;
&gt; Date: Mon, 28 Nov 2011 08:25:39 -0800
&gt;
&gt; &gt;&gt; +bool skb_flow_dissect(const struct sk_buff *skb, struct flow_keys
&gt; &gt;&gt; *flow)
&gt; &gt;&gt; +{
&gt; &gt;&gt; +	int poff, nhoff = skb_network_offset(skb);
&gt; &gt;&gt; +	u8 ip_proto;
&gt; &gt;&gt; +	u16 proto = skb-&gt;protocol;
&gt; &gt;
&gt; &gt; __be16 instead of u16 for proto?
&gt;
&gt; I'll take care of this when I apply these patches.

( CC trimmed )

Thanks David !

Here is a small patch to use one 64bit load/store on x86_64 instead of
two 32bit load/stores.

[PATCH net-next] flow_dissector: use a 64bit load/store

gcc compiler is smart enough to use a single load/store if we
memcpy(dptr, sptr, 8) on x86_64, regardless of
CONFIG_CC_OPTIMIZE_FOR_SIZE

In IP header, daddr immediately follows saddr, this wont change in the
future. We only need to make sure our flow_keys (src,dst) fields wont
break the rule.

Signed-off-by: Eric Dumazet &lt;eric.dumazet@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: introduce skb_flow_dissect()</title>
<updated>2011-11-29T00:09:07+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>eric.dumazet@gmail.com</email>
</author>
<published>2011-11-28T05:22:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=0744dd00c1b1be99a25b62b1b48df440e82e57e0'/>
<id>0744dd00c1b1be99a25b62b1b48df440e82e57e0</id>
<content type='text'>
We use at least two flow dissectors in network stack, with known
limitations and code duplication.

Introduce skb_flow_dissect() to factorize this, highly inspired from
existing dissector from __skb_get_rxhash()

Note : We extensively use skb_header_pointer(), this permits us to not
touch skb at all.

Signed-off-by: Eric Dumazet &lt;eric.dumazet@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We use at least two flow dissectors in network stack, with known
limitations and code duplication.

Introduce skb_flow_dissect() to factorize this, highly inspired from
existing dissector from __skb_get_rxhash()

Note : We extensively use skb_header_pointer(), this permits us to not
touch skb at all.

Signed-off-by: Eric Dumazet &lt;eric.dumazet@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
</feed>
