lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CANr6G5x19zc8qK0gtPBFzMD02xMxieFqGpv9-nkKyiZ1MzSUwA@mail.gmail.com>
Date:	Sat, 14 Feb 2015 20:47:33 -0800
From:	Joe Stringer <joestringer@...ira.com>
To:	Thomas Graf <tgraf@...g.ch>
Cc:	Linux Netdev List <netdev@...r.kernel.org>,
	Justin Pettit <jpettit@...ira.com>,
	Pablo Neira Ayuso <pablo@...filter.org>,
	"dev@...nvswitch.org" <dev@...nvswitch.org>
Subject: Re: [RFC net-next 3/4] openvswitch: Add conntrack action.

On 14 February 2015 at 11:56, Thomas Graf <tgraf@...g.ch> wrote:
> On 02/14/15 at 12:13am, Joe Stringer wrote:
>
> [..]
>
>> +static bool skb_has_valid_nfct(const struct net *net, u16 zone,
>> +                            const struct sk_buff *skb)
>> +{
>> +     enum ip_conntrack_info ctinfo;
>> +     struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
>> +
>> +     if (!ct)
>> +             return false;
>> +     if (!net_eq(net, ct->ct_net))
>> +             return false;
>
> I'm surprised that this is needed. Shouldn't we call skb_scrub_packet()
> between namespaces and invalidate the ct associated with the skb.

Right, it was more of a general sanity check which is likely unneeded.
I'm not aware of any particular case that this handles.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ