| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 30 Apr 2016 18:01:29 -0400 From: Vijay Pandurangan <vijayp@...ayp.ca> To: Ben Greear <greearb@...delatech.com> Cc: Tom Herbert <tom@...bertland.com>, Ben Hutchings <ben@...adent.org.uk>, Sabrina Dubroca <sd@...asysnail.net>, Hannes Frederic Sowa <hannes@...essinduktion.org>, LKML <linux-kernel@...r.kernel.org>, stable@...r.kernel.org, akpm@...ux-foundation.org, "David S. Miller" <davem@...emloft.net>, Cong Wang <cwang@...pensource.com>, Linux Kernel Network Developers <netdev@...r.kernel.org>, Evan Jones <ej@...njones.ca>, Nicolas Dichtel <nicolas.dichtel@...nd.com>, Phil Sutter <phil@....cc>, Toshiaki Makita <makita.toshiaki@....ntt.co.jp>, Cong Wang <xiyou.wangcong@...il.com> Subject: Re: [PATCH 3.2 085/115] veth: don’t modify ip_summed; doing so treats packets with bad checksums as good. On Sat, Apr 30, 2016 at 5:52 PM, Ben Greear <greearb@...delatech.com> wrote: >> >> Good point, so if you had: >> >> eth0 <-> raw <-> user space-bridge <-> raw <-> vethA <-> veth B <-> >> userspace-stub <->eth1 >> >> and user-space hub enabled this elide flag, things would work, right? >> Then, it seems like what we need is a way to tell the kernel >> router/bridge logic to follow elide signals in packets coming from >> veth. I'm not sure what the best way to do this is because I'm less >> familiar with conventions in that part of the kernel, but assuming >> there's a way to do this, would it be acceptable? > > > You cannot receive on one veth without transmitting on the other, so > I think the elide csum logic can go on the raw-socket, and apply to packets > in the transmit-from-user-space direction. Just allowing the socket to make > the veth behave like it used to before this patch in question should be good > enough, since that worked for us for years. So, just an option to modify > the > ip_summed for pkts sent on a socket is probably sufficient. I don't think this is right. Consider: - App A sends out corrupt packets 50% of the time and discards inbound data. - App B doesn't care about corrupt packets and is happy to receive them and has some way of dealing with them (special case) - App C is a regular app, say nc or something. In your world, where A decides what happens to data it transmits, then A<--veth-->B and A<---wire-->B will have the same behaviour but A<-- veth --> C and A<-- wire --> C will have _different_ behaviour: C will behave incorrectly if it's connected over veth but correctly if connected with a wire. That is a bug. Since A cannot know what the app it's talking to will desire, I argue that both sides of a message must be opted in to this optimization. > >>> There may be no sockets on the vethB port. And reader/writer is not >>> a good way to look at it since I am implementing a bi-directional bridge >>> in >>> user-space and each packet-socket is for both rx and tx. >> >> >> Sure, but we could model a bidrectional connection as two >> unidirectional sockets for our discussions here, right? > > > Best not to I think, you want to make sure that one socket can > correctly handle tx and rx. As long as that works, then using > uni-directional sockets should work too. > > > Thanks, > Ben > > -- > Ben Greear <greearb@...delatech.com> > Candela Technologies Inc http://www.candelatech.com
Powered by blists - more mailing lists