| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Feb 2019 15:58:31 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>,
Willem de Bruijn <willemdebruijn.kernel@...il.com>
Cc: netdev@...r.kernel.org, ast@...nel.org, posk.devel@...il.com,
dja@...ens.net, Willem de Bruijn <willemb@...gle.com>
Subject: Re: [PATCH bpf] bpf: only adjust gso_size on bytestream protocols
Hi Willem,
On 02/11/2019 05:00 AM, Alexei Starovoitov wrote:
> On Thu, Feb 07, 2019 at 02:54:16PM -0500, Willem de Bruijn wrote:
>> From: Willem de Bruijn <willemb@...gle.com>
>>
>> bpf_skb_change_proto and bpf_skb_adjust_room change skb header length.
>> For GSO packets they adjust gso_size to maintain the same MTU.
>>
>> The gso size can only be safely adjusted on bytestream protocols.
>> Commit d02f51cbcf12 ("bpf: fix bpf_skb_adjust_net/bpf_skb_proto_xlat
>> to deal with gso sctp skbs") excluded SKB_GSO_SCTP.
>>
>> Since then type SKB_GSO_UDP_L4 has been added, whose contents are one
>> gso_size unit per datagram. Also exclude these.
>>
>> Move from a blacklist to a whitelist check to future proof against
>> additional such new GSO types, e.g., for fraglist based GRO.
>>
>> Fixes: bec1f6f69736 ("udp: generate gso with UDP_SEGMENT")
>> Signed-off-by: Willem de Bruijn <willemb@...gle.com>
>
> Applied to bpf tree.
> I agree that whitelist approach is the most appropriate.
What would be needed to get UDP GSO working with nat64 work above? I don't
really mind about SCTP, but sucks that this doesn't guarantee full support
for TCP *and* UDP at least. :/
Thanks,
Daniel
Powered by blists - more mailing lists