| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <537D73ED.4010400@davidnewall.com> Date: Thu, 22 May 2014 13:20:05 +0930 From: David Newall <davidn@...idnewall.com> To: Bart De Schuymer <bdschuym@...dora.be>, Florian Westphal <fw@...len.de>, "David S. Miller" <davem@...emloft.net> CC: Stephen Hemminger <stephen@...workplumber.org>, Netdev <netdev@...r.kernel.org>, netfilter-devel@...r.kernel.org, bridge@...ts.linux-foundation.org Subject: Re: Revert 462fb2af9788a82a534f8184abfde31574e1cfa0 (bridge : Sanitize skb before it enters the IP stack) On 22/05/14 04:21, Bart De Schuymer wrote: > There's no reason why they should overlap in the cb: it's 48 bytes > big, so big enough to hold both struct br_input_skb_cb and struct > inet_skb_parm. No reason, aside from the math, I think. Those 48 bytes appear to be used for 16 bytes of ip_options plus up to 40 bytes of options data, so we're using pretend-space; of which we'd need more to squeeze br_input_skb_cb in at the same time. I hate opening a second can of worms, but, if I read this right, IPCB is quite, quite broken. > As for your other remark: as I've said before, if you don't like > bridge-netfilter then don't compile it into your kernel. That's not very helpful. I could say, with just as much merit, that it should be marked deprecated (so that it's not compiled into distribution kernels) and you can compile it into yours. What I dislike is that bridge-netfilter is faulty. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists