lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALx6S37bfMpMhWTSL-WzumGfqywi0oJPnLqj_yEUs61AtyLZKA@mail.gmail.com>
Date:   Mon, 31 Oct 2016 13:29:23 -0700
From:   Tom Herbert <tom@...bertland.com>
To:     "Mintz, Yuval" <Yuval.Mintz@...ium.com>
Cc:     netdev <netdev@...r.kernel.org>
Subject: Re: XDP question - how much can BPF change in xdp_buff?

On Mon, Oct 31, 2016 at 11:31 AM, Mintz, Yuval <Yuval.Mintz@...ium.com> wrote:
> So I've [finally] started looking into implementing XDP
> for qede, and there's one thing I feel like I'm missing in
> regard to XDP_TX - what's the guarantee/requirement
> that the bpf program isn't going to transmute some fields
> of the rx packet in a way that would prevent the forwarding?
>
I think there are really two separate questions you're probably
asking. 1) Can XDP modify a packet in such a way that it won't be
forwarded by the driver when XDP_TX is returned, ie. driver would drop
packet  2) Does anything prevent the BPF program from modifying the
packet such that it becomes malformed (bad checksum, mangled headers,
etc.).

I believe the answer to #1 is "no", the XDP interface assumes raw
packets. If program returns XDP_TX then the driver will forward the
raw packet without any further consideration.

The answer to #2 is "no", there is no check that packet produced is
sensible. We assume that the user setting the XDP program knows what
they are doing.

> E.g., can a BPF change the TCP payload of an incoming packet
> without correcting its TCP checksum, and then expect the
> driver to transmit it [via XDP_TX]? If not, how is this enforced [if at all]?
>
It's not enforced. If program doesn't update a checksum then we assume
that forwarded packet is dropped at the receiver.

> [Looked at samples/bpf/xdp2_kern.c which manipulates the
> UDP header; so I'm not certain what prevents it from doing
> the same when checksum modifications would be required]
>
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ