lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 1 May 2015 11:46:19 +0200
From:	Florian Westphal <fw@...len.de>
To:	Jamal Hadi Salim <jhs@...atatu.com>
Cc:	Florian Westphal <fw@...len.de>, netdev@...r.kernel.org
Subject: Re: [PATCH -next] net: sched: remove TC_MUNGED bits

Jamal Hadi Salim <jhs@...atatu.com> wrote:
> On 04/30/15 17:16, Alexei Starovoitov wrote:
> >On Thu, Apr 30, 2015 at 12:12:00PM +0200, Florian Westphal wrote:
> >>Not used.
> >>
> >>pedit sets TC_MUNGED when packet content was altered, but all the core
> >>does is unset MUNGED again and then set OK2MUNGE.
> >>
> >>And the latter isn't tested anywhere. So lets remove both
> >>TC_MUNGED and TC_OK2MUNGE.
> >>
> >>Signed-off-by: Florian Westphal <fw@...len.de>
> >
> >Wanted to do the same.
> >iproute2 doesn't use 'munge' flag either.
> >
> >Acked-by: Alexei Starovoitov <ast@...mgrid.com>
> >
> 
> Florian,
> If you are going to take this path then fix pedit to do a pskb_expand.

Jamal, what about this:

- I'll wait for this patch to be accepted or rejected
- same for your suggested rttl removal patch to go in

After that I will then send out all my pending tc_verd patches.

As for pedit, my suggestion would be to use skb_make_writeable(),
something like.... (untested):

-                       ptr = skb_header_pointer(skb, off + offset, 4, &_data);
-                       if (!ptr)
+                       if (!skb_make_writable(skb, off + offset + 4))
                                goto bad;
+
+                       ptr = skb->data + off + offset;
+

Does that sound ok?  I can send a followup patch to take care of pedit.

[ I'd first move skb_make_writeable out of netfilter core, of course ]

> I think it would be better to fix the actions that do
> pskb_expand_head() and let them indicated they were munged.

I don't think 'i was munged' flag is needed, the helper should
do on-demand copy if needed to get us exclusive access.

Thanks Jamal.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ