lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 15 Dec 2017 11:37:14 -0500 (EST)
From:   David Miller <davem@...emloft.net>
To:     mahesh@...dewar.net
Cc:     netdev@...r.kernel.org, edumazet@...gle.com, maheshb@...gle.com
Subject: Re: [PATCH next 0/2] ipvlan: packet scrub

From: Mahesh Bandewar <mahesh@...dewar.net>
Date: Wed, 13 Dec 2017 14:40:12 -0800

> From: Mahesh Bandewar <maheshb@...gle.com>
> 
> While crossing namespace boundary IPvlan aggressively scrubs packets.
> This is creating problems. First thing is that scrubbing changes the 
> packet type in skb meta-data to PACKET_HOST. This causes erroneous
> packet delivery when dev_forward_skb() has already marked the packet
> type as OTHER_HOST.
> 
> On the egress side scrubbing just before calling dev_queue_xmit()
> creates another set of problems. Scrubbing remove skb->sk so the
> prio update gets missed and more seriously, socket back-pressure
> fails making TSQ not function correctly.
> 
> The first patch in the series just reverts the earlier change which
> was adding a mac-check, but that is unnecessary if packet_type that
> dev_forward_skb() has set is honored. The second path removes two of
> the scrubs which are causing problems described above.

Series applied, thanks for following up on this.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ