| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 9 Jan 2015 16:51:46 -0800 From: Alexei Starovoitov <alexei.starovoitov@...il.com> To: Kumar Sanghvi <kumaras@...lsio.com> Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: Re: Query regarding sk_filter On Fri, Jan 9, 2015 at 3:23 AM, Kumar Sanghvi <kumaras@...lsio.com> wrote: > Hi netdev team, > > I have a query regarding sk_filter call in tcp receive path: > > In 'tcp_v4_rcv' function, if sk is found by __inet_lookup_skb then, > down the line, there is a call to sk_filter to ensure if the incoming packet > is allowed to be processed for that sk. > > However, in 'tcp_v4_hnd_req' function, if nsk is found by inet_lookup_established > then, later, there does not seem to be a sk_filter call for that nsk in the receive > path processing. > > I am wondering shouldn't there be a sk_filter call on nsk found in 'tcp_v4_hnd_req' > function ? Or, probably I am missing something. hmm. I'm not sure what you're seeing. tcp_v4_hnd_req() is called from tcp_v4_do_rcv() which is called after sk_filter() check is done in tcp_v4_rcv() (either directly or via prequeue/backlog) > I am running some high rate syn-flood tests and trying to understand > the sk_filter behaviour in this case. are you saying not all of syn packets are reaching filter? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists