lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Jan 2013 22:34:29 -0800 From: Ani Sinha <ani@...stanetworks.com> To: Eric Dumazet <eric.dumazet@...il.com>, tcpdump-workers@...ts.tcpdump.org Cc: Paul Pearce <pearce@...berkeley.edu>, netdev@...r.kernel.org, dborkman <dborkman@...hat.com>, edumazet <edumazet@...gle.com>, Jiri Pirko <jpirko@...hat.com> Subject: Re: [PATCH net 1/2] net: dev_queue_xmit_nit: fix skb->vlan_tci field value +tcpdump-workers On Tue, Jan 8, 2013 at 10:27 PM, Eric Dumazet <eric.dumazet@...il.com> wrote: > On Tue, 2013-01-08 at 22:06 -0800, Ani Sinha wrote: > >> The proposed patch tries to fix the issue that arose after the >> following commit : >> >> commit b40863c667c16b7a73d4f034a8eab67029b5b15a >> Author: Eric Dumazet <edumazet@...gle.com> >> Date: Tue Sep 18 20:44:49 2012 +0000 >> >> net: more accurate network taps in transmit path >> >> >> I do not believe 3.6.11 kernel has this change. 3.6.11 should not need >> the patch. > > Thats irrelevant. This only shows that user land was depending on a > prior undocumented behavior. > > It seems a libpcap issue to me. Kernel side provides all needed bits. > > When I want "tcpdump src port 2030", filter is : > > (000) ldh [12] > (001) jeq #0x86dd jt 2 jf 8 > (002) ldb [20] > (003) jeq #0x84 jt 6 jf 4 > (004) jeq #0x6 jt 6 jf 5 > (005) jeq #0x11 jt 6 jf 19 > (006) ldh [54] > (007) jeq #0x7ee jt 18 jf 19 > (008) jeq #0x800 jt 9 jf 19 > (009) ldb [23] > (010) jeq #0x84 jt 13 jf 11 > (011) jeq #0x6 jt 13 jf 12 > (012) jeq #0x11 jt 13 jf 19 > (013) ldh [20] > (014) jset #0x1fff jt 19 jf 15 > (015) ldxb 4*([14]&0xf) > (016) ldh [x + 14] > (017) jeq #0x7ee jt 18 jf 19 > (018) ret #96 > (019) ret #0 > > See how it handles both IPv4 and IPv6, and various protocols > automatically ? > > If I only wanted "udp and src port 2030" it would give : > > (000) ldh [12] > (001) jeq #0x86dd jt 2 jf 6 > (002) ldb [20] > (003) jeq #0x11 jt 4 jf 15 > (004) ldh [54] > (005) jeq #0x7ee jt 14 jf 15 > (006) jeq #0x800 jt 7 jf 15 > (007) ldb [23] > (008) jeq #0x11 jt 9 jf 15 > (009) ldh [20] > (010) jset #0x1fff jt 15 jf 11 > (011) ldxb 4*([14]&0xf) > (012) ldh [x + 14] > (013) jeq #0x7ee jt 14 jf 15 > (014) ret #96 > (015) ret #0 > > > > So when I want "tcpdump vlan 100" it generates : > > (000) ldh [12] > (001) jeq #0x8100 jt 2 jf 6 > (002) ldh [14] > (003) and #0xfff > (004) jeq #0x64 jt 5 jf 6 > (005) ret #96 > (006) ret #0 > > What's wrong instructing libpcap to extend the filter to be able to > get the correct result, vlan id being in skb->vlan_id (vlan accel on), > or in the packet itself (vlan accel off) > > This way, you could chose if you want to get only accelerated vlan, > or non accelerated vlan, or both. And you need no kernel hacking. > > > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists