| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 1 Aug 2015 21:17:41 +0200 From: Thomas Graf <tgraf@...g.ch> To: Joe Stringer <joestringer@...ira.com> Cc: Hannes Frederic Sowa <hannes@...hat.com>, Linux Netdev List <netdev@...r.kernel.org>, Linux Kernel <linux-kernel@...r.kernel.org>, Pablo Neira Ayuso <pablo@...filter.org>, Patrick McHardy <kaber@...sh.net>, Justin Pettit <jpettit@...ira.com>, Pravin Shelar <pshelar@...ira.com>, Andy Zhou <azhou@...ira.com>, Jesse Gross <jesse@...ira.com>, Florian Westphal <fwestpha@...hat.com> Subject: Re: [PATCH net-next 1/9] openvswitch: Scrub packet in ovs_vport_receive() On 07/31/15 at 10:51am, Joe Stringer wrote: > On 31 July 2015 at 07:34, Hannes Frederic Sowa <hannes@...hat.com> wrote: > > In general, this shouldn't be necessary as the packet should already be > > scrubbed before they arrive here. > > > > Could you maybe add a WARN_ON and check how those skbs with conntrack > > data traverse the stack? I also didn't understand why make it dependent > > on the socket. > > OK, sure. One case I could think of is with an OVS internal port in > another namespace, directly attached to the bridge. I'll have a play > around with WARN_ON and see if I can come up with something more > trimmed down. The OVS internal port will definitely pass through an unscrubbed packet across namespaces. I think the proper thing to do would be to scrub but conditionally keep metadata. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists