lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CACzMAJ+tr5scCOqSYFVRFhpAbHKSp21bzTDHdx8JSLzMLQS+ug@mail.gmail.com>
Date:	Thu, 14 May 2015 21:21:20 -0700
From:	Andy Zhou <azhou@...ira.com>
To:	David Miller <davem@...emloft.net>
Cc:	Florian Westphal <fw@...len.de>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [net-next fragmentation icmp v4 3/4] bridge_netfilter: No ICMP
 packet on IPv4 defragmentation timeout

O.K. I will drop this patch in the next Rev.

On Thu, May 14, 2015 at 2:42 PM, David Miller <davem@...emloft.net> wrote:
> From: Andy Zhou <azhou@...ira.com>
> Date: Thu, 14 May 2015 12:54:23 -0700
>
>> On Thu, May 14, 2015 at 1:59 AM, Florian Westphal <fw@...len.de> wrote:
>>> Andy Zhou <azhou@...ira.com> wrote:
>>>> Currently, on defragmentation timeout error, ICMP error message
>>>> will be generated. This is fine when they are used in a routing context,
>>>> but does not make sense in the context of bridging netfilter.
>>>>
>>>> This patch adds a bit (IPSKB_NO_FRAG_ICMP) in IPCB to control
>>>> whether ICMP error message should be generated. br_netfiler sets
>>>> this bit.
>>>
>>> Could you please explain why we need this patch?
>>> After the previous change (patch 2 in your series), we will already
>>> bail out before hitting
>>>
>>> /* Send an ICMP "Fragment Reassembly Timeout" message. */
>>> icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0);
>>>
>>> in ip_expire() based on qp->user value test?
>>
>> Letting caller making the decision seems to be a better design choice
>> rather than implicit
>> logic embedded within the function.  It is also more flexible and
>> robust when we need to extend 'user'
>> range down the road.
>
> You're doing useless testing for a hypothetical situation which may
> never come to fruitation at all.
>
> I don't think that ever qualifies as a legitimate objection.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ