| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Aug 2011 23:05:18 +0800 From: Changli Gao <xiaosuo@...il.com> To: Ben Hutchings <bhutchings@...arflare.com> Cc: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <eric.dumazet@...il.com>, Tom Herbert <therbert@...gle.com>, netdev@...r.kernel.org Subject: Re: net: rps: support 802.1Q On Fri, Aug 19, 2011 at 7:54 PM, Ben Hutchings <bhutchings@...arflare.com> wrote: > > Should this really be reading an unlimited number of tags? Not unlimited, but it won't stop until reaching the end of the packet. > What if an > attacker starts sending packets full of VLAN tags? Since this runs > before netfilter, there would be no way to prevent those packets burning > our CPU time. And if there are legitimately multiple VLAN tags, they > presumably won't all have the 802.1q Ethertype. > Do we need to limit the number of rounds to stop this kind of "bad" packets from burning our CPU time? Then, __netif_receive_skb() has to be update too, so the inspection of tunnel in __skb_get_rxhash() does. Is there a such limitation in xfrm? Thanks. -- Regards, Changli Gao(xiaosuo@...il.com) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists