lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1175684114.4088.12.camel@localhost>
Date:	Wed, 04 Apr 2007 06:55:14 -0400
From:	jamal <hadi@...erus.ca>
To:	Denys <denys@...p.net.lb>
Cc:	Patrick McHardy <kaber@...sh.net>,
	Stephen Hemminger <shemminger@...ux-foundation.org>,
	netdev@...r.kernel.org
Subject: Re: one more... iproute commands lockup whole system


On Wed, 2007-04-04 at 05:11 +0300, Denys wrote:
> I think this highly useful feature given by jamal, difficult to be avoided 
> from crash, if user not enough experienced in networking(like me). I guess 
> packet can be even not ipv4/ipv6 packet, maybe it can be cloned IPX or ARP, 
> so TTL field cannot be used. I checked maybe sk_buff have some fields, seems 
> also bad luck, if there can be something like "internal" counter for packet, 
> how much times it got redirected, it will help. 

Adding a field in the skb that keeps track of things would work well,
but would be a controvesial thing to do because it actually requires a
vector not just one field. There is a filed called cb[] but it cant be
used in this case because every time we redirect it could be trampled.

> But in my case of VLAN's it 
> is really my own mistake and difficult to avoid it. Only bad thing - machine 
> got completely locked up, and if it is remote system - it will not oops/or 
> reboot even. But i dont have any idea in mind how to avoid this, only than 
> big warning in DOC and internal iproute2 help :-)

Your case is easy to detect in user space because it is within the same
policy.
Would simple detection and rejection in tc/userspace be useful to add?
Note, this doesnt help the general problem though where you have nesting
as described in the document.

cheers,
jamal

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ