| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Apr 2015 12:56:22 +0800 From: Herbert Xu <herbert@...dor.apana.org.au> To: David Miller <davem@...emloft.net> Cc: fw@...len.de, netdev@...r.kernel.org, kaber@...sh.net Subject: Re: [PATCH -next 0/3] net: cap size to original frag size when refragmenting David Miller <davem@...emloft.net> wrote: > > Because then there is no ambiguity at all, you preserve on output > exactly what you had on input. The same geometry, the same > everything. No special checks, no max frag len, none of this crap. > Those are all hacks trying to work around the _fundamental_ issue > which is that we potentially change the thing when we refrag. Agreed. Doing anything other than preserving the original geometry is simply wrong. However, this doesn't mean that netfilter has to process each fragment. What we could do is to preserve the original fragments in frag_list and then process the overall skb as a unit in netfilter. On output we simply fragment according to the original frag_list. The only thing to watch out for is to eliminate anything in the middle that tries to linearise the skb. Cheers, -- Email: Herbert Xu <herbert@...dor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists