* [PATCH net-next] Allocate unique metrics for icmp6 packets to prevent tainting dst metrics
@ 2012-03-12 15:16 Nick Jones
2012-03-12 19:48 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Nick Jones @ 2012-03-12 15:16 UTC (permalink / raw)
To: netdev
The generation of an icmp6 packet, targeted to a specific desination
address, will cause the shared metrics of the ip6_dst and inetpeer
of that address to be tainted with the hoplimit value 255.
All packets, icmp6 or otherwise, will have this hoplimit value, and
if the destination is a router, not even advertisements specifying a
new hoplimit value will have any effect due to the way
ip6_dst_hoplimit works.
By allocating a unique metrics array for the icmp6 packet, the shared
metrics will not be tainted.
Signed-off-by: Nick Jones <nick.jones@network-box.com>
---
First follow up after discussion at:
http://www.spinics.net/lists/netdev/msg191052.html
net/ipv6/route.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 92be12b..209d156 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1117,6 +1117,14 @@ struct dst_entry *icmp6_dst_alloc(struct net_device *dev,
rt->rt6i_dst.addr = fl6->daddr;
rt->rt6i_dst.plen = 128;
rt->rt6i_idev = idev;
+
+ u32 *metrics = kzalloc(sizeof(u32) * RTAX_MAX, GFP_ATOMIC);
+ if (unlikely(!metrics)) {
+ in6_dev_put(idev);
+ dst_free(&rt->dst);
+ return ERR_CAST(-ENOMEM);
+ }
+ dst_init_metrics(&rt->dst, metrics, 0);
dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 255);
spin_lock_bh(&icmp6_dst_lock);
--
1.7.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net-next] Allocate unique metrics for icmp6 packets to prevent tainting dst metrics
2012-03-12 15:16 [PATCH net-next] Allocate unique metrics for icmp6 packets to prevent tainting dst metrics Nick Jones
@ 2012-03-12 19:48 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2012-03-12 19:48 UTC (permalink / raw)
To: nick.jones; +Cc: netdev
From: Nick Jones <nick.jones@network-box.com>
Date: Mon, 12 Mar 2012 23:16:14 +0800
> The generation of an icmp6 packet, targeted to a specific desination
> address, will cause the shared metrics of the ip6_dst and inetpeer
> of that address to be tainted with the hoplimit value 255.
> All packets, icmp6 or otherwise, will have this hoplimit value, and
> if the destination is a router, not even advertisements specifying a
> new hoplimit value will have any effect due to the way
> ip6_dst_hoplimit works.
>
> By allocating a unique metrics array for the icmp6 packet, the shared
> metrics will not be tainted.
>
> Signed-off-by: Nick Jones <nick.jones@network-box.com>
You can't just change the allocation side.
You now have to make sure the free'ing side knows that these special
routes use kmalloc()'d metrics. On ipv6 this is implemented in
ip6_dst_destroy(). Unless DST_HOST will be clear on all of these
icmp6 routes, the metrics will be leaked because ip6_dst_destroy()
will not invoke dst_destroy_metrics_generic() which would do the
kfree().
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-03-12 19:49 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-03-12 15:16 [PATCH net-next] Allocate unique metrics for icmp6 packets to prevent tainting dst metrics Nick Jones
2012-03-12 19:48 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).