Re: [PATCH net-next 1/5] net: l2tp: fix L2TP_ATTR_UDP_CSUM attribute type
Hi David, Thanks for the review. On Mon, 07 Nov 2016 13:08:45 -0500 (EST), David Millerwrote: > From: Asbjoern Sloth Toennesen > Date: Fri, 4 Nov 2016 22:48:34 + > > > L2TP_ATTR_UDP_CSUM is a flag, and gets read with > > nla_get_flag, but it is defined as NLA_U8 in > > the nla_policy. > > > > It appears that this is only publicly used in > > iproute2, where it's broken, because it's used as > > a NLA_FLAG, and fails validation as a NLA_U8. > > > > The only place it's used as a NLA_U8 is in > > l2tp_nl_tunnel_send(), but iproute2 again reads that > > as a flag, it's therefore always set. Fortunately > > it is never used for anything, just read. > > > > CC: Miao Wang > > Signed-off-by: Asbjoern Sloth Toennesen > > This is definitely the wrong way to go about this. > > The kernel is everywhere and updating iproute2 is infinitely > easier for users to do than updating the kernel. > > And in any event, once exported we really should never change > the API of anything shown to userspace like this. Just because > you can't find a user out there doesn't mean it doesn't exist. Sure, I have submitted a v2 of the patchset, that keeps the current netlink API intact. Was unsure how frozen the API was in these outlying corners, also only tried changing the cases where the kernel side is inconsistently implemented, ie. kept L2TP_ATTR_{SEND,RECV}_SEQ as u8-flags since it was used consitently. > Please instead fix iproute2 to use u8 attributes for this. Will do (set with u8-flag, read as u8). -- Best regards Asbjørn Sloth Tønnesen
Re: [PATCH net-next 1/5] net: l2tp: fix L2TP_ATTR_UDP_CSUM attribute type
From: Asbjoern Sloth ToennesenDate: Fri, 4 Nov 2016 22:48:34 + > L2TP_ATTR_UDP_CSUM is a flag, and gets read with > nla_get_flag, but it is defined as NLA_U8 in > the nla_policy. > > It appears that this is only publicly used in > iproute2, where it's broken, because it's used as > a NLA_FLAG, and fails validation as a NLA_U8. > > The only place it's used as a NLA_U8 is in > l2tp_nl_tunnel_send(), but iproute2 again reads that > as a flag, it's therefore always set. Fortunately > it is never used for anything, just read. > > CC: Miao Wang > Signed-off-by: Asbjoern Sloth Toennesen This is definitely the wrong way to go about this. The kernel is everywhere and updating iproute2 is infinitely easier for users to do than updating the kernel. And in any event, once exported we really should never change the API of anything shown to userspace like this. Just because you can't find a user out there doesn't mean it doesn't exist. Please instead fix iproute2 to use u8 attributes for this. Thanks.
[PATCH net-next 1/5] net: l2tp: fix L2TP_ATTR_UDP_CSUM attribute type
L2TP_ATTR_UDP_CSUM is a flag, and gets read with nla_get_flag, but it is defined as NLA_U8 in the nla_policy. It appears that this is only publicly used in iproute2, where it's broken, because it's used as a NLA_FLAG, and fails validation as a NLA_U8. The only place it's used as a NLA_U8 is in l2tp_nl_tunnel_send(), but iproute2 again reads that as a flag, it's therefore always set. Fortunately it is never used for anything, just read. CC: Miao WangSigned-off-by: Asbjoern Sloth Toennesen --- include/uapi/linux/l2tp.h | 2 +- net/l2tp/l2tp_netlink.c | 12 +--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/include/uapi/linux/l2tp.h b/include/uapi/linux/l2tp.h index 4bd27d0..73e3a23 100644 --- a/include/uapi/linux/l2tp.h +++ b/include/uapi/linux/l2tp.h @@ -104,7 +104,7 @@ enum { L2TP_ATTR_PEER_CONN_ID, /* u32 */ L2TP_ATTR_SESSION_ID, /* u32 */ L2TP_ATTR_PEER_SESSION_ID, /* u32 */ - L2TP_ATTR_UDP_CSUM, /* u8 */ + L2TP_ATTR_UDP_CSUM, /* flag */ L2TP_ATTR_VLAN_ID, /* u16 */ L2TP_ATTR_COOKIE, /* 0, 4 or 8 bytes */ L2TP_ATTR_PEER_COOKIE, /* 0, 4 or 8 bytes */ diff --git a/net/l2tp/l2tp_netlink.c b/net/l2tp/l2tp_netlink.c index 59aa2d2..1fe05da 100644 --- a/net/l2tp/l2tp_netlink.c +++ b/net/l2tp/l2tp_netlink.c @@ -379,9 +379,15 @@ static int l2tp_nl_tunnel_send(struct sk_buff *skb, u32 portid, u32 seq, int fla switch (tunnel->encap) { case L2TP_ENCAPTYPE_UDP: + switch (sk->sk_family) { + case AF_INET: + if ((!sk->sk_no_check_tx) && + nla_put_flag(skb, L2TP_ATTR_UDP_CSUM)) + goto nla_put_failure; + break; + } if (nla_put_u16(skb, L2TP_ATTR_UDP_SPORT, ntohs(inet->inet_sport)) || - nla_put_u16(skb, L2TP_ATTR_UDP_DPORT, ntohs(inet->inet_dport)) || - nla_put_u8(skb, L2TP_ATTR_UDP_CSUM, !sk->sk_no_check_tx)) + nla_put_u16(skb, L2TP_ATTR_UDP_DPORT, ntohs(inet->inet_dport))) goto nla_put_failure; /* NOBREAK */ case L2TP_ENCAPTYPE_IP: @@ -873,7 +879,7 @@ static const struct nla_policy l2tp_nl_policy[L2TP_ATTR_MAX + 1] = { [L2TP_ATTR_PEER_CONN_ID]= { .type = NLA_U32, }, [L2TP_ATTR_SESSION_ID] = { .type = NLA_U32, }, [L2TP_ATTR_PEER_SESSION_ID] = { .type = NLA_U32, }, - [L2TP_ATTR_UDP_CSUM]= { .type = NLA_U8, }, + [L2TP_ATTR_UDP_CSUM]= { .type = NLA_FLAG, }, [L2TP_ATTR_VLAN_ID] = { .type = NLA_U16, }, [L2TP_ATTR_DEBUG] = { .type = NLA_U32, }, [L2TP_ATTR_RECV_SEQ]= { .type = NLA_U8, }, -- 2.10.1