From: Eric Dumazet
Date: Mon, 29 Aug 2022 15:20:54 -0700
Subject: Re: [PATCH 2/4] net-next: ip6: fetch inetpeer in ip6frag_init
To: Richard Gobert
Cc: David Miller, Jakub Kicinski, Paolo Abeni, Jonathan Corbet, Hideaki YOSHIFUJI, David Ahern, Alexander Aring, Stefan Schmidt, Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal, Martin KaFai Lau, netdev, "open list:DOCUMENTATION", LKML, linux-wpan@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Aug 29, 2022 at 4:48 AM Richard Gobert wrote:
>
> Obtain the IPv6 peer in ip6frag_init, to allow for peer memory tracking
> in the IPv6 fragment reassembly logic.

Sorry, this is adding yet another bottleneck, and will make DDOS attacks
based on fragments more effective.

Whole concept of 'peers' based on IPv6 addresses is rather weak,
as hosts with IPv6 can easily get millions of different 'addresses'.

>
> Signed-off-by: Richard Gobert
> ---
>  include/net/ipv6_frag.h | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/include/net/ipv6_frag.h b/include/net/ipv6_frag.h > index 5052c66e22d2..62760cd3bdd1 100644 > --- a/include/net/ipv6_frag.h > +++ b/include/net/ipv6_frag.h > @@ -6,6 +6,7 @@ > #include > #include > #include > +#include > > enum ip6_defrag_Richard Goberts { > IP6_DEFRAG_LOCAL_DELIVER, 
> @@ -33,9 +34,11 @@ static inline void ip6frag_init(struct inet_frag_queue *q, const void *a) > { > struct frag_queue *fq = container_of(q, struct frag_queue, q); > const struct frag_v6_compare_key *key = a; > + const struct net *net = q->fqdir->net; > > q->key.v6 = *key; > fq->ecn = 0; > + q->peer = inet_getpeer_v6(net->ipv6.peers, &key->saddr, 1); > } > > static inline u32 ip6frag_key_hashfn(const void *data, u32 len, u32 seed) > -- > 2.36.1 >
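
Review bot: In the second hunk, the added `q->peer = inet_getpeer_v6(net->ipv6.peers, &key->saddr, 1);` runs unconditionally in ip6frag_init with the create argument set to 1, so every new fragment queue does a peer lookup-or-insert keyed on the packet's source address, which is the per-queue cost the reply above objects to. Nothing in this diff releases the peer stored in `q->peer` or handles a NULL return, and the only other change to the file is the added include. If the release and the NULL case are handled in another patch of the series, the commit message should say which one; otherwise add them here, and consider making the lookup conditional on peer memory tracking being enabled so that queues which do not need a peer skip the call.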