| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <4E9DCEAD.7070603@verizon.net> Date: Tue, 18 Oct 2011 15:08:29 -0400 From: Jim Sansing <jjsansing@...izon.net> To: Linux Network Development list <netdev@...r.kernel.org> Subject: Comment on nf_queue NF_STOLEN patch I have been working on a kernel module that registers with netfilter, and I noticed that a patch was added to nf_queue that changed the handling of return code NF_FILTER from 'do nothing' to 'free the skb'. I'm not sure which kernel version this went in, but the date of the patch is Feb, 19, 2010. Everything I have read about netfilter states that it is up to the netfilter hook to free the skb if NF_STOLEN is returned. The implications of this patch from a hook programming perspective are: 1) If the skb is used after the return from the hook, it must be cloned. 2) The original skb must not be freed. I suggest that a comment be added to include/linux/netfilter.h that says explicitly the skb will be freed if NF_STOLEN is returned. Later . . . Jim -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists