| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 24 Mar 2016 22:07:10 -0700 From: Ben Greear <greearb@...delatech.com> To: Vijay Pandurangan <vijayp@...ayp.ca> CC: Cong Wang <xiyou.wangcong@...il.com>, netdev <netdev@...r.kernel.org>, Evan Jones <ej@...njones.ca>, Cong Wang <cwang@...pensource.com> Subject: Re: veth regression with "don’t modify ip_summed; doing so treats packets with bad checksums as good." On 03/24/2016 09:45 PM, Vijay Pandurangan wrote: > Actually, maybe they should be set to CHECKSUM_PARTIAL if we want veth > to drop the packets if they have bad checksums before they hit the > application level. VETH is pretty special in that when you transmit a frame on one device, it's pair receives it, and unless there is RAM corruption or bugs in the kernel, then it cannot be corrupted. But, if you are routing frames from the network to veth devices, then the original packet could be corrupted, as described in your patch. Probably the right behaviour is to keep the old logic for packets originating from sockets, at least. I am not sure of a good way to implement that. As for testing, I am not sure. Probably you have to make a good effort and then just deal with fallout like what I found. I would guess that any of us who have ever written an interesting patch have also written an interesting bug! Thanks, Ben -- Ben Greear <greearb@...delatech.com> Candela Technologies Inc http://www.candelatech.com
Powered by blists - more mailing lists