| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 31 May 2014 15:43:16 +0930 From: David Newall <davidn@...idnewall.com> To: David Miller <davem@...emloft.net> CC: bdschuym@...dora.be, fw@...len.de, stephen@...workplumber.org, netdev@...r.kernel.org, netfilter-devel@...r.kernel.org, bridge@...ts.linux-foundation.org, bsd@...hat.com, vyasevich@...il.com Subject: Re: Revert 462fb2af9788a82a534f8184abfde31574e1cfa0 (bridge : Sanitize skb before it enters the IP stack) On 31/05/14 10:16, David Miller wrote: > I don't see why you don't simply keep br_parse_ip_options() around > and adjust it as you need, you're just mostly duplicating it's > contents into br_nf_pre_routing(). More accurately, I'm *restoring* br_parse_ip_options()'s contents to br_nf_pre_routing(). The reasons why are twofold: I'm undoing a change which turns out to have been a mistake; and leaving it largely as-is, just removing the call to ip_options_compile(), would be confusing in that the name (br_pase_ip_options()) gives an expectation of function that would be untrue. I can see an argument in favour of leaving br_parse_options() around, being that it is called from three places, and thus restoring the code removes checks which are currently being performed. They weren't being performed before and it's not clear that they are needed, but if you say that it would be better, I'll leave it around and just remove the call to ip_options_compile(). Just say the word. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists