| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Aug 2012 14:27:00 +0200 (MEST)
From: Patrick McHardy <kaber@...sh.net>
To: Jesper Dangaard Brouer <hawk@...u.dk>
cc: Pablo Neira Ayuso <pablo@...filter.org>,
Netfilter Developers <netfilter-devel@...r.kernel.org>,
netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH 03/19] netfilter: nf_conntrack_ipv6: improve fragmentation
handling
On Wed, 29 Aug 2012, Jesper Dangaard Brouer wrote:
>
> Signed-off-by: Jesper Dangaard Brouer <brouer@...hat.com>
>
> And some nitpicks below...
>
>> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
>> index 5b2d63e..a4f6263 100644
>> --- a/net/ipv6/ip6_output.c
>> +++ b/net/ipv6/ip6_output.c
>> @@ -493,7 +493,8 @@ int ip6_forward(struct sk_buff *skb)
>> if (mtu < IPV6_MIN_MTU)
>> mtu = IPV6_MIN_MTU;
>>
>> - if (skb->len > mtu && !skb_is_gso(skb)) {
>> + if ((!skb->local_df && skb->len > mtu && !skb_is_gso(skb)) ||
>
> You use (!skb->local_df) to invalidate the use of skb->len, instead of
> (!IP6CB(skb)->frag_max_size), (which is okay, because you set local_df
> later). Is there are reason this check is better?
Just that it's consistent with ip6_output and the regular local_df
handling. It saves one extra condition in ip6_output.
>> + (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)) {
>
> Eric Dumazet would probably nitpick and say, it can be reduced to:
> (IP6CB(skb)->frag_max_size > mtu)
> ;-)
True. I'll fix that once Pablo has pulled in the patches.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists