lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Aug 2014 07:56:57 +0200 From: Jiri Pirko <jiri@...nulli.us> To: David Miller <davem@...emloft.net> Cc: netdev@...r.kernel.org, kuznet@....inr.ac.ru, jmorris@...ei.org, yoshfuji@...ux-ipv6.org, stephen@...workplumber.org, cwang@...pensource.com, pshelar@...ira.com, nicolas.dichtel@...nd.com, therbert@...gle.com, dborkman@...hat.com, edumazet@...gle.com Subject: Re: [patch net-next 1/3] net: propagate sock pointer through netfilter hooks Fri, Aug 22, 2014 at 02:33:39AM CEST, davem@...emloft.net wrote: >From: Jiri Pirko <jiri@...nulli.us> >Date: Fri, 15 Aug 2014 20:32:54 +0200 > >> When output function (ip6_finish_output2 for example) needs to be called >> with sock pointer, we need to push sock pointer through the netfilter >> hooks. This patch does that. >> >> Signed-off-by: Jiri Pirko <jiri@...nulli.us> > >Ok, I'm going to admit that I am having second thoughts about this >approach. This is a quite large set of churn to fix this bug. > >However, in the same breath, I can't come up with a simpler way to >propagate this information without the really unacceptable overhead of >adding another sk_buff member. > >And even if we found some simple way to deal with that sk_mc_loop() >test, ipv6 has other demons in this area. > >For example, look at what ip6_fragment() does, it also assumes skb->sk >is an inet6 socket. > > struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL; > ... > if (np && np->frag_size < mtu) { > if (np->frag_size) > mtu = np->frag_size; > } > >The rest of the skb->sk usage in these place is fine, as they are >simply propagating socket ownership from one packet to another, rather >than doing protocol specific things with them. You are correct. Another code can benefit from proparated sk as well. I found couple of other possible places on the way (which I unfortunatelly did not noted :/). -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists