[net,v3,0/4] fix NULL dereference trigger by SRv6 with netfilter

Message ID	20240613094249.32658-1-wujianguo106@163.com (mailing list archive)
Headers	show Received: from m16.mail.163.com (m16.mail.163.com [117.135.210.5]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BB61A13F45B for <netdev@vger.kernel.org>; Thu, 13 Jun 2024 09:43:36 +0000 (UTC) From: wujianguo106@163.com To: netdev@vger.kernel.org Cc: kuba@kernel.org, edumazet@google.com, contact@proelbtn.com, pablo@netfilter.org, dsahern@kernel.org, pabeni@redhat.com, wujianguo106@163.com, Jianguo Wu <wujianguo@chinatelecom.cn> Subject: [PATCH net v3 0/4] fix NULL dereference trigger by SRv6 with netfilter Date: Thu, 13 Jun 2024 17:42:45 +0800 Message-ID: <20240613094249.32658-1-wujianguo106@163.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	fix NULL dereference trigger by SRv6 with netfilter \| expand [net,v3,0/4] fix NULL dereference trigger by SRv6 with netfilter [net,v3,1/4] seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors [net,v3,2/4] netfilter: move the sysctl nf_hooks_lwtunnel into the netfilter core [net,v3,3/4] selftests: add selftest for the SRv6 End.DX4 behavior with netfilter [net,v3,4/4] selftests: add selftest for the SRv6 End.DX6 behavior with netfilter

Message ID

20240613094249.32658-1-wujianguo106@163.com (mailing list archive)

Headers

From: wujianguo106@163.com
To: netdev@vger.kernel.org
Cc: kuba@kernel.org,
	edumazet@google.com,
	contact@proelbtn.com,
	pablo@netfilter.org,
	dsahern@kernel.org,
	pabeni@redhat.com,
	wujianguo106@163.com,
	Jianguo Wu <wujianguo@chinatelecom.cn>
Subject: [PATCH net v3 0/4] fix NULL dereference trigger by SRv6 with
 netfilter
Date: Thu, 13 Jun 2024 17:42:45 +0800
Message-ID: <20240613094249.32658-1-wujianguo106@163.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

fix NULL dereference trigger by SRv6 with netfilter | expand

Message

Jianguo Wu June 13, 2024, 9:42 a.m. UTC

From: Jianguo Wu <wujianguo@chinatelecom.cn>

v3:
 - move the sysctl nf_hooks_lwtunnel into the netfilter core.
 - add CONFIG_IP_NF_MATCH_RPFILTER/CONFIG_IP6_NF_MATCH_RPFILTER
   into selftest net/config.
 - set selftrest scripts file mode to 755.

v2:
 - fix commit log.
 - add two selftests.

Jianguo Wu (4):
  seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and
    End.DX6 behaviors
  netfilter: move the sysctl nf_hooks_lwtunnel into the netfilter core
  selftests: add selftest for the SRv6 End.DX4 behavior with netfilter
  selftests: add selftest for the SRv6 End.DX6 behavior with netfilter

 include/net/netns/netfilter.h                 |   3 +
 net/ipv6/seg6_local.c                         |   8 +-
 net/netfilter/core.c                          |  13 +-
 net/netfilter/nf_conntrack_standalone.c       |  15 -
 net/netfilter/nf_hooks_lwtunnel.c             |  68 ++++
 net/netfilter/nf_internals.h                  |   6 +
 tools/testing/selftests/net/Makefile          |   2 +
 tools/testing/selftests/net/config            |   2 +
 .../net/srv6_end_dx4_netfilter_test.sh        | 335 +++++++++++++++++
 .../net/srv6_end_dx6_netfilter_test.sh        | 340 ++++++++++++++++++
 10 files changed, 771 insertions(+), 21 deletions(-)
 create mode 100755 tools/testing/selftests/net/srv6_end_dx4_netfilter_test.sh
 create mode 100755 tools/testing/selftests/net/srv6_end_dx6_netfilter_test.sh

Comments

Jakub Kicinski June 18, 2024, 3:17 p.m. UTC | #1

On Thu, 13 Jun 2024 17:42:45 +0800 wujianguo106@163.com wrote:
> v3:
>  - move the sysctl nf_hooks_lwtunnel into the netfilter core.
>  - add CONFIG_IP_NF_MATCH_RPFILTER/CONFIG_IP6_NF_MATCH_RPFILTER
>    into selftest net/config.
>  - set selftrest scripts file mode to 755.
> 
> v2:
>  - fix commit log.
>  - add two selftests.
> 
> Jianguo Wu (4):
>   seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and
>     End.DX6 behaviors
>   netfilter: move the sysctl nf_hooks_lwtunnel into the netfilter core
>   selftests: add selftest for the SRv6 End.DX4 behavior with netfilter
>   selftests: add selftest for the SRv6 End.DX6 behavior with netfilter

Hi Pablo!

FWIW this gained a "Not Applicable" designation in our patchwork,
I presume from DaveM. So we're expecting you to take it via netfilter.

Pablo Neira Ayuso June 18, 2024, 3:27 p.m. UTC | #2

On Tue, Jun 18, 2024 at 08:17:11AM -0700, Jakub Kicinski wrote:
> On Thu, 13 Jun 2024 17:42:45 +0800 wujianguo106@163.com wrote:
> > v3:
> >  - move the sysctl nf_hooks_lwtunnel into the netfilter core.
> >  - add CONFIG_IP_NF_MATCH_RPFILTER/CONFIG_IP6_NF_MATCH_RPFILTER
> >    into selftest net/config.
> >  - set selftrest scripts file mode to 755.
> > 
> > v2:
> >  - fix commit log.
> >  - add two selftests.
> > 
> > Jianguo Wu (4):
> >   seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and
> >     End.DX6 behaviors
> >   netfilter: move the sysctl nf_hooks_lwtunnel into the netfilter core
> >   selftests: add selftest for the SRv6 End.DX4 behavior with netfilter
> >   selftests: add selftest for the SRv6 End.DX6 behavior with netfilter
> 
> Hi Pablo!
> 
> FWIW this gained a "Not Applicable" designation in our patchwork,
> I presume from DaveM. So we're expecting you to take it via netfilter.

OK, I will pick up. Thanks for the notice.