| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20131109.142706.307323939750387593.davem@davemloft.net> Date: Sat, 09 Nov 2013 14:27:06 -0500 (EST) From: David Miller <davem@...emloft.net> To: jhs@...atatu.com Cc: tgraf@...g.ch, jbenc@...hat.com, netdev@...r.kernel.org, pablo@...filter.org Subject: Re: [PATCH net] netlink: fix netlink_ack with large messages From: Jamal Hadi Salim <jhs@...atatu.com> Date: Sat, 09 Nov 2013 08:43:51 -0500 > for errors, we need to give the user something back. This has been the > behavior for 80 years now. Giving them a HUGE message > back is rediculuos(tm). Ive had enough of SCTP doing that. > We need to cap it - sort of what ICMP does. > ICMP caps at 64B; something like 128B is reasonable. It is correct that we really can't change existing behavior. I want to do something smarter in the new cases where we can. nftables is the first thing that works with such enormous messages, so let's create a facility such that nftables netlink users don't need to get the entire quote message back. That's why I suggested a per-subsystem flag, that entities like nftables can set when it registers, that says "don't quote the message in the ACK." Or, alternatively, let's have the application set this flag, via a socket option or similar. Both approaches work for me, and the latter probably gains us the most over time as we can make sure that eventually all the major netlink apps start setting the flag. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists