lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 8 Jan 2013 22:34:29 -0800
From:	Ani Sinha <ani@...stanetworks.com>
To:	Eric Dumazet <eric.dumazet@...il.com>,
	tcpdump-workers@...ts.tcpdump.org
Cc:	Paul Pearce <pearce@...berkeley.edu>, netdev@...r.kernel.org,
	dborkman <dborkman@...hat.com>, edumazet <edumazet@...gle.com>,
	Jiri Pirko <jpirko@...hat.com>
Subject: Re: [PATCH net 1/2] net: dev_queue_xmit_nit: fix skb->vlan_tci field value

+tcpdump-workers


On Tue, Jan 8, 2013 at 10:27 PM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> On Tue, 2013-01-08 at 22:06 -0800, Ani Sinha wrote:
>
>> The proposed patch tries to fix the issue that arose after the
>> following commit :
>>
>> commit b40863c667c16b7a73d4f034a8eab67029b5b15a
>> Author: Eric Dumazet <edumazet@...gle.com>
>> Date:   Tue Sep 18 20:44:49 2012 +0000
>>
>>     net: more accurate network taps in transmit path
>>
>>
>> I do not believe 3.6.11 kernel has this change. 3.6.11 should not need
>> the patch.
>
> Thats irrelevant. This only shows that user land was depending on a
> prior undocumented behavior.
>
> It seems a libpcap issue to me. Kernel side provides all needed bits.
>
> When I want "tcpdump src port 2030", filter is :
>
> (000) ldh      [12]
> (001) jeq      #0x86dd          jt 2    jf 8
> (002) ldb      [20]
> (003) jeq      #0x84            jt 6    jf 4
> (004) jeq      #0x6             jt 6    jf 5
> (005) jeq      #0x11            jt 6    jf 19
> (006) ldh      [54]
> (007) jeq      #0x7ee           jt 18   jf 19
> (008) jeq      #0x800           jt 9    jf 19
> (009) ldb      [23]
> (010) jeq      #0x84            jt 13   jf 11
> (011) jeq      #0x6             jt 13   jf 12
> (012) jeq      #0x11            jt 13   jf 19
> (013) ldh      [20]
> (014) jset     #0x1fff          jt 19   jf 15
> (015) ldxb     4*([14]&0xf)
> (016) ldh      [x + 14]
> (017) jeq      #0x7ee           jt 18   jf 19
> (018) ret      #96
> (019) ret      #0
>
> See how it handles both IPv4 and IPv6, and various protocols
> automatically ?
>
> If I only wanted "udp and src port 2030" it would give :
>
> (000) ldh      [12]
> (001) jeq      #0x86dd          jt 2    jf 6
> (002) ldb      [20]
> (003) jeq      #0x11            jt 4    jf 15
> (004) ldh      [54]
> (005) jeq      #0x7ee           jt 14   jf 15
> (006) jeq      #0x800           jt 7    jf 15
> (007) ldb      [23]
> (008) jeq      #0x11            jt 9    jf 15
> (009) ldh      [20]
> (010) jset     #0x1fff          jt 15   jf 11
> (011) ldxb     4*([14]&0xf)
> (012) ldh      [x + 14]
> (013) jeq      #0x7ee           jt 14   jf 15
> (014) ret      #96
> (015) ret      #0
>
>
>
> So when I want "tcpdump vlan 100" it generates :
>
> (000) ldh      [12]
> (001) jeq      #0x8100          jt 2    jf 6
> (002) ldh      [14]
> (003) and      #0xfff
> (004) jeq      #0x64            jt 5    jf 6
> (005) ret      #96
> (006) ret      #0
>
> What's wrong instructing libpcap to extend the filter to be able to
> get the correct result, vlan id being in skb->vlan_id (vlan accel on),
> or in the packet itself (vlan accel off)
>
> This way, you could chose if you want to get only accelerated vlan,
> or non accelerated vlan, or both. And you need no kernel hacking.
>
>
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists