Message ID | 1303456743.2023.55.camel@nausicaa |
---|---|
State | Not Applicable, archived |
Delegated to: | David Miller |
Headers | show |
Le vendredi 22 avril 2011 à 16:19 +0900, Fernando Luis Vazquez Cao a écrit : > The IPv6 header is not zeroed out in alloc_skb so we must initialize it > properly unless we want to see IPv6 packets with random TOS fields > floating around. The current implementation resets the flow label > but this could be changed if deemed necessary. > > We stumbled upon this issue when trying to apply a mangle rule to > the RST packet generated by the REJECT target module. > > Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> > --- > > diff -urNp linux-2.6.38.4-orig/net/ipv6/netfilter/ip6t_REJECT.c linux-2.6.38.4/net/ipv6/netfilter/ip6t_REJECT.c > --- linux-2.6.38.4-orig/net/ipv6/netfilter/ip6t_REJECT.c 2011-03-15 10:20:32.000000000 +0900 > +++ linux-2.6.38.4/net/ipv6/netfilter/ip6t_REJECT.c 2011-04-22 15:00:30.695373543 +0900 > @@ -45,6 +45,8 @@ static void send_reset(struct net *net, > int tcphoff, needs_ack; > const struct ipv6hdr *oip6h = ipv6_hdr(oldskb); > struct ipv6hdr *ip6h; > +#define DEFAULT_TOS_VALUE 0x0U > + const __u8 tclass = DEFAULT_TOS_VALUE; > struct dst_entry *dst = NULL; > u8 proto; > struct flowi fl; > @@ -123,7 +125,7 @@ static void send_reset(struct net *net, > skb_put(nskb, sizeof(struct ipv6hdr)); > skb_reset_network_header(nskb); > ip6h = ipv6_hdr(nskb); > - ip6h->version = 6; > + *(__be32 *)ip6h = htonl(0x60000000 | (tclass << 20)); It seems fine but I am wondering where is payload_len set ? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, 2011-04-22 at 09:34 +0200, Eric Dumazet wrote: > Le vendredi 22 avril 2011 à 16:19 +0900, Fernando Luis Vazquez Cao a > écrit : > > The IPv6 header is not zeroed out in alloc_skb so we must initialize it > > properly unless we want to see IPv6 packets with random TOS fields > > floating around. The current implementation resets the flow label > > but this could be changed if deemed necessary. > > > > We stumbled upon this issue when trying to apply a mangle rule to > > the RST packet generated by the REJECT target module. > > > > Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> > > --- > > > > diff -urNp linux-2.6.38.4-orig/net/ipv6/netfilter/ip6t_REJECT.c linux-2.6.38.4/net/ipv6/netfilter/ip6t_REJECT.c > > --- linux-2.6.38.4-orig/net/ipv6/netfilter/ip6t_REJECT.c 2011-03-15 10:20:32.000000000 +0900 > > +++ linux-2.6.38.4/net/ipv6/netfilter/ip6t_REJECT.c 2011-04-22 15:00:30.695373543 +0900 > > @@ -45,6 +45,8 @@ static void send_reset(struct net *net, > > int tcphoff, needs_ack; > > const struct ipv6hdr *oip6h = ipv6_hdr(oldskb); > > struct ipv6hdr *ip6h; > > +#define DEFAULT_TOS_VALUE 0x0U > > + const __u8 tclass = DEFAULT_TOS_VALUE; > > struct dst_entry *dst = NULL; > > u8 proto; > > struct flowi fl; > > @@ -123,7 +125,7 @@ static void send_reset(struct net *net, > > skb_put(nskb, sizeof(struct ipv6hdr)); > > skb_reset_network_header(nskb); > > ip6h = ipv6_hdr(nskb); > > - ip6h->version = 6; > > + *(__be32 *)ip6h = htonl(0x60000000 | (tclass << 20)); > > It seems fine but I am wondering where is payload_len set ? Hi Eric, Thank you for the review, I really appreciate it. payload_len is set in __ip6_local_out() which is called from ip6_local_out. Could I get your acked-by for the two patches I sent? Thanks, Fernando -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Le vendredi 22 avril 2011 à 16:47 +0900, Fernando Luis Vazquez Cao a écrit : > Hi Eric, > > Thank you for the review, I really appreciate it. > > payload_len is set in __ip6_local_out() which is called from > ip6_local_out. > Thats right, thanks ! > Could I get your acked-by for the two patches I sent? > Sure Acked-by: Eric Dumazet <eric.dumazet@gmail.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, 2011-04-22 at 10:06 +0200, Eric Dumazet wrote: > Le vendredi 22 avril 2011 à 16:47 +0900, Fernando Luis Vazquez Cao a > écrit : > > Could I get your acked-by for the two patches I sent? > > > > Sure > > Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Thank you! Should we send these two patches to -stable too? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Le vendredi 22 avril 2011 à 17:11 +0900, Fernando Luis Vazquez Cao a écrit : > Thank you! > > Should we send these two patches to -stable too? > David takes care of stable submissions for netdev stuff, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 22/04/11 10:37, Eric Dumazet wrote: > Le vendredi 22 avril 2011 à 17:11 +0900, Fernando Luis Vazquez Cao a > écrit : > >> Thank you! >> >> Should we send these two patches to -stable too? > > David takes care of stable submissions for netdev stuff, thanks. If the patch follows the netfilter path, we'll take care of sending stable submissions. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, 2011-04-26 at 03:13 +0200, Pablo Neira Ayuso wrote: > On 22/04/11 10:37, Eric Dumazet wrote: > > Le vendredi 22 avril 2011 à 17:11 +0900, Fernando Luis Vazquez Cao a > > écrit : > > > >> Thank you! > >> > >> Should we send these two patches to -stable too? > > > > David takes care of stable submissions for netdev stuff, thanks. > > If the patch follows the netfilter path, we'll take care of sending > stable submissions. David, will you take care of these two patches or should they go through the netfilter tree? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Pablo Neira Ayuso <pablo@netfilter.org> Date: Tue, 26 Apr 2011 03:13:16 +0200 > On 22/04/11 10:37, Eric Dumazet wrote: >> Le vendredi 22 avril 2011 à 17:11 +0900, Fernando Luis Vazquez Cao a >> écrit : >> >>> Thank you! >>> >>> Should we send these two patches to -stable too? >> >> David takes care of stable submissions for netdev stuff, thanks. > > If the patch follows the netfilter path, we'll take care of sending > stable submissions. Right. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> Date: Tue, 26 Apr 2011 10:26:20 +0900 > On Tue, 2011-04-26 at 03:13 +0200, Pablo Neira Ayuso wrote: >> On 22/04/11 10:37, Eric Dumazet wrote: >> > Le vendredi 22 avril 2011 à 17:11 +0900, Fernando Luis Vazquez Cao a >> > écrit : >> > >> >> Thank you! >> >> >> >> Should we send these two patches to -stable too? >> > >> > David takes care of stable submissions for netdev stuff, thanks. >> >> If the patch follows the netfilter path, we'll take care of sending >> stable submissions. > > David, will you take care of these two patches or should they go through > the netfilter tree? Netfilter, as usual. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, 2011-04-25 at 22:17 -0700, David Miller wrote: > From: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> > Date: Tue, 26 Apr 2011 10:26:20 +0900 > > > On Tue, 2011-04-26 at 03:13 +0200, Pablo Neira Ayuso wrote: > >> On 22/04/11 10:37, Eric Dumazet wrote: > >> > Le vendredi 22 avril 2011 à 17:11 +0900, Fernando Luis Vazquez Cao a > >> > écrit : > >> > > >> >> Thank you! > >> >> > >> >> Should we send these two patches to -stable too? > >> > > >> > David takes care of stable submissions for netdev stuff, thanks. > >> > >> If the patch follows the netfilter path, we'll take care of sending > >> stable submissions. > > > > David, will you take care of these two patches or should they go through > > the netfilter tree? > > Netfilter, as usual. Thank you for the clarification. I really appreciate it. Pablo, could you pull in the two patches below? They have already been acked by Eric. It would be great it we could get them merged for the next -rc and stable releases. [PATCH] netfilter/IPv6: fix DSCP mangle code [PATCH] netfilter/IPv6: initialize TOS field in REJECT target module - Fernando -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 26/04/11 07:25, Fernando Luis Vazquez Cao wrote: > On Mon, 2011-04-25 at 22:17 -0700, David Miller wrote: >> From: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> >> Date: Tue, 26 Apr 2011 10:26:20 +0900 >> >>> On Tue, 2011-04-26 at 03:13 +0200, Pablo Neira Ayuso wrote: >>>> On 22/04/11 10:37, Eric Dumazet wrote: >>>>> Le vendredi 22 avril 2011 à 17:11 +0900, Fernando Luis Vazquez Cao a >>>>> écrit : >>>>> >>>>>> Thank you! >>>>>> >>>>>> Should we send these two patches to -stable too? >>>>> >>>>> David takes care of stable submissions for netdev stuff, thanks. >>>> >>>> If the patch follows the netfilter path, we'll take care of sending >>>> stable submissions. >>> >>> David, will you take care of these two patches or should they go through >>> the netfilter tree? >> >> Netfilter, as usual. > > Thank you for the clarification. I really appreciate it. > > Pablo, could you pull in the two patches below? They have already been > acked by Eric. It would be great it we could get them merged for the > next -rc and stable releases. > > [PATCH] netfilter/IPv6: fix DSCP mangle code > [PATCH] netfilter/IPv6: initialize TOS field in REJECT target module Patrick is the primary link to take patches, I'm including him in this CC. If he experiences any problem, I'll make sure that these hit -rc, so never mind. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 26/04/11 17:34, Pablo Neira Ayuso wrote: > On 26/04/11 07:25, Fernando Luis Vazquez Cao wrote: >> On Mon, 2011-04-25 at 22:17 -0700, David Miller wrote: >>> From: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> >>> Date: Tue, 26 Apr 2011 10:26:20 +0900 >>> >>>> On Tue, 2011-04-26 at 03:13 +0200, Pablo Neira Ayuso wrote: >>>>> On 22/04/11 10:37, Eric Dumazet wrote: >>>>>> Le vendredi 22 avril 2011 à 17:11 +0900, Fernando Luis Vazquez Cao a >>>>>> écrit : >>>>>> >>>>>>> Thank you! >>>>>>> >>>>>>> Should we send these two patches to -stable too? >>>>>> >>>>>> David takes care of stable submissions for netdev stuff, thanks. >>>>> >>>>> If the patch follows the netfilter path, we'll take care of sending >>>>> stable submissions. >>>> >>>> David, will you take care of these two patches or should they go through >>>> the netfilter tree? >>> >>> Netfilter, as usual. >> >> Thank you for the clarification. I really appreciate it. >> >> Pablo, could you pull in the two patches below? They have already been >> acked by Eric. It would be great it we could get them merged for the >> next -rc and stable releases. >> >> [PATCH] netfilter/IPv6: fix DSCP mangle code >> [PATCH] netfilter/IPv6: initialize TOS field in REJECT target module > > Patrick is the primary link to take patches, I'm including him in this > CC. If he experiences any problem, I'll make sure that these hit -rc, so > never mind. ^^^^^^^^^^ Sorry, I meant to say, "don't worry" :-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, 2011-04-26 at 17:35 +0200, Pablo Neira Ayuso wrote: > On 26/04/11 17:34, Pablo Neira Ayuso wrote: > > On 26/04/11 07:25, Fernando Luis Vazquez Cao wrote: > >> Pablo, could you pull in the two patches below? They have already been > >> acked by Eric. It would be great it we could get them merged for the > >> next -rc and stable releases. > >> > >> [PATCH] netfilter/IPv6: fix DSCP mangle code > >> [PATCH] netfilter/IPv6: initialize TOS field in REJECT target module > > > > Patrick is the primary link to take patches, I'm including him in this > > CC. If he experiences any problem, I'll make sure that these hit -rc, so > > never mind. > ^^^^^^^^^^ > > Sorry, I meant to say, "don't worry" :-) Thank you, Pablo. I really appreciate it. - Fernando -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, 2011-04-26 at 17:34 +0200, Pablo Neira Ayuso wrote: > On 26/04/11 07:25, Fernando Luis Vazquez Cao wrote: > > Pablo, could you pull in the two patches below? They have already been > > acked by Eric. It would be great it we could get them merged for the > > next -rc and stable releases. > > > > [PATCH] netfilter/IPv6: fix DSCP mangle code > > [PATCH] netfilter/IPv6: initialize TOS field in REJECT target module > > Patrick is the primary link to take patches, I'm including him in this > CC. If he experiences any problem, I'll make sure that these hit -rc, so > never mind. It seems that the two patches above did not make it into 2.6.39-rc6. Any chance we can get them merged before 2.6.39 is released? Thanks, Fernando -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 06/05/11 10:27, Fernando Luis Vázquez Cao wrote: > On Tue, 2011-04-26 at 17:34 +0200, Pablo Neira Ayuso wrote: >> On 26/04/11 07:25, Fernando Luis Vazquez Cao wrote: >>> Pablo, could you pull in the two patches below? They have already been >>> acked by Eric. It would be great it we could get them merged for the >>> next -rc and stable releases. >>> >>> [PATCH] netfilter/IPv6: fix DSCP mangle code >>> [PATCH] netfilter/IPv6: initialize TOS field in REJECT target module >> >> Patrick is the primary link to take patches, I'm including him in this >> CC. If he experiences any problem, I'll make sure that these hit -rc, so >> never mind. > > It seems that the two patches above did not make it into 2.6.39-rc6. Any > chance we can get them merged before 2.6.39 is released? I'll pick them and push them to davem by monday. Thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Friday 2011-05-06 12:38, Pablo Neira Ayuso wrote: >On 06/05/11 10:27, Fernando Luis Vázquez Cao wrote: >> On Tue, 2011-04-26 at 17:34 +0200, Pablo Neira Ayuso wrote: >>> On 26/04/11 07:25, Fernando Luis Vazquez Cao wrote: >>>> Pablo, could you pull in the two patches below? They have already been >>>> acked by Eric. It would be great it we could get them merged for the >>>> next -rc and stable releases. >>>> >>>> [PATCH] netfilter/IPv6: fix DSCP mangle code >>>> [PATCH] netfilter/IPv6: initialize TOS field in REJECT target module >>> >>> Patrick is the primary link to take patches, I'm including him in this >>> CC. If he experiences any problem, I'll make sure that these hit -rc, so >>> never mind. >> >> It seems that the two patches above did not make it into 2.6.39-rc6. Any >> chance we can get them merged before 2.6.39 is released? > >I'll pick them and push them to davem by monday. Thanks! Also revert a2361c8735e07322023aedc36e4938b35af31eb0 please. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff -urNp linux-2.6.38.4-orig/net/ipv6/netfilter/ip6t_REJECT.c linux-2.6.38.4/net/ipv6/netfilter/ip6t_REJECT.c --- linux-2.6.38.4-orig/net/ipv6/netfilter/ip6t_REJECT.c 2011-03-15 10:20:32.000000000 +0900 +++ linux-2.6.38.4/net/ipv6/netfilter/ip6t_REJECT.c 2011-04-22 15:00:30.695373543 +0900 @@ -45,6 +45,8 @@ static void send_reset(struct net *net, int tcphoff, needs_ack; const struct ipv6hdr *oip6h = ipv6_hdr(oldskb); struct ipv6hdr *ip6h; +#define DEFAULT_TOS_VALUE 0x0U + const __u8 tclass = DEFAULT_TOS_VALUE; struct dst_entry *dst = NULL; u8 proto; struct flowi fl; @@ -123,7 +125,7 @@ static void send_reset(struct net *net, skb_put(nskb, sizeof(struct ipv6hdr)); skb_reset_network_header(nskb); ip6h = ipv6_hdr(nskb); - ip6h->version = 6; + *(__be32 *)ip6h = htonl(0x60000000 | (tclass << 20)); ip6h->hop_limit = ip6_dst_hoplimit(dst); ip6h->nexthdr = IPPROTO_TCP; ipv6_addr_copy(&ip6h->saddr, &oip6h->daddr);
The IPv6 header is not zeroed out in alloc_skb so we must initialize it properly unless we want to see IPv6 packets with random TOS fields floating around. The current implementation resets the flow label but this could be changed if deemed necessary. We stumbled upon this issue when trying to apply a mangle rule to the RST packet generated by the REJECT target module. Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> --- -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html