lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 22 Aug 2014 07:56:57 +0200
From:	Jiri Pirko <>
To:	David Miller <>
Subject: Re: [patch net-next 1/3] net: propagate sock pointer through
 netfilter hooks

Fri, Aug 22, 2014 at 02:33:39AM CEST, wrote:
>From: Jiri Pirko <>
>Date: Fri, 15 Aug 2014 20:32:54 +0200
>> When output function (ip6_finish_output2 for example) needs to be called
>> with sock pointer, we need to push sock pointer through the netfilter
>> hooks. This patch does that.
>> Signed-off-by: Jiri Pirko <>
>Ok, I'm going to admit that I am having second thoughts about this
>approach.  This is a quite large set of churn to fix this bug.
>However, in the same breath, I can't come up with a simpler way to
>propagate this information without the really unacceptable overhead of
>adding another sk_buff member.
>And even if we found some simple way to deal with that sk_mc_loop()
>test, ipv6 has other demons in this area.
>For example, look at what ip6_fragment() does, it also assumes skb->sk
>is an inet6 socket.
>	struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
> ...
>	if (np && np->frag_size < mtu) {
>		if (np->frag_size)
>			mtu = np->frag_size;
>	}
>The rest of the skb->sk usage in these place is fine, as they are
>simply propagating socket ownership from one packet to another, rather
>than doing protocol specific things with them.

You are correct. Another code can benefit from proparated sk as well. I
found couple of other possible places on the way (which I unfortunatelly
did not noted :/).

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists