| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <54E0B67A.1030000@6wind.com>
Date: Sun, 15 Feb 2015 16:08:42 +0100
From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
To: Joe Stringer <joestringer@...ira.com>, Thomas Graf <tgraf@...g.ch>
CC: Linux Netdev List <netdev@...r.kernel.org>,
Justin Pettit <jpettit@...ira.com>,
Pablo Neira Ayuso <pablo@...filter.org>,
"dev@...nvswitch.org" <dev@...nvswitch.org>
Subject: Re: [RFC net-next 3/4] openvswitch: Add conntrack action.
Le 15/02/2015 05:47, Joe Stringer a écrit :
> On 14 February 2015 at 11:56, Thomas Graf <tgraf@...g.ch> wrote:
>> On 02/14/15 at 12:13am, Joe Stringer wrote:
>>
>> [..]
>>
>>> +static bool skb_has_valid_nfct(const struct net *net, u16 zone,
>>> + const struct sk_buff *skb)
>>> +{
>>> + enum ip_conntrack_info ctinfo;
>>> + struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
>>> +
>>> + if (!ct)
>>> + return false;
>>> + if (!net_eq(net, ct->ct_net))
>>> + return false;
>>
>> I'm surprised that this is needed. Shouldn't we call skb_scrub_packet()
>> between namespaces and invalidate the ct associated with the skb.
>
> Right, it was more of a general sanity check which is likely unneeded.
> I'm not aware of any particular case that this handles.
I agree with Thomas. If we fall into this case, it's probably a real bug ;-)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists