lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20140825.125201.1587978115657653201.davem@davemloft.net>
Date:	Mon, 25 Aug 2014 12:52:01 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	jiri@...nulli.us
Cc:	netdev@...r.kernel.org, kuznet@....inr.ac.ru, jmorris@...ei.org,
	yoshfuji@...ux-ipv6.org, stephen@...workplumber.org,
	cwang@...pensource.com, pshelar@...ira.com,
	nicolas.dichtel@...nd.com, therbert@...gle.com,
	dborkman@...hat.com, edumazet@...gle.com
Subject: Re: [patch net-next 1/3] net: propagate sock pointer through
 netfilter hooks

From: Jiri Pirko <jiri@...nulli.us>
Date: Mon, 25 Aug 2014 21:29:26 +0200

> Mon, Aug 25, 2014 at 08:51:03PM CEST, davem@...emloft.net wrote:
>>From: Jiri Pirko <jiri@...nulli.us>
>>Date: Mon, 25 Aug 2014 16:05:10 +0200
>>
>>> Dave, I see that the patchset is in state "Changes requested". I do not
>>> think I understand what is needed to be done at this point. Would you
>>> please tell me? Thanks.
>>
>>I said there is too much churn so I want an alternative approach
>>considered.
>>
>>Also want you to fix the ipv6 fragmentation error too.
> 
> 
> Hmm. When skb->x adding is no-go and propagating sk through nf hooks is
> no go, I really do not see the way to fix this... I might be missing
> something though...

Change the order of operations so that sk can be evaluated and tested
earlier in the code paths, before the NF_HOOK executes.

Or only store the boolean result of the test in the sk_buff.

Please, try to be creative, do not just see black and white. :-)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ