| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180214.145447.509783691173905296.davem@davemloft.net> Date: Wed, 14 Feb 2018 14:54:47 -0500 (EST) From: David Miller <davem@...emloft.net> To: dja@...ens.net Cc: netdev@...r.kernel.org Subject: Re: [PATCH 0/3] Updates to segmentation-offloads.txt From: Daniel Axtens <dja@...ens.net> Date: Wed, 14 Feb 2018 18:05:30 +1100 > I've been trying to wrap my head around GSO for a while now. This is a > set of small changes to the docs that would probably have been helpful > when I was starting out. > > I realise that GSO_DODGY is still a notable omission - I'm hesitant to > write too much on it just yet as I don't understand it well and I > think it's in the process of changing. Series applied, thanks for doing this. Generally speaking, the "dodgy" attributes mean that the packet came from an "untrusted" source such as a virtualization guest or similar. When set, it tells us that we cannot trust the GSO attributes of the packet nor the geometry of the SKB. For example, a malicious guest could sent us a TCP packet, yet set SCTP GSO attributes. It largely means that we have to perform extra verifications and sanity checking that would not be necessary for in-kernel generated GSO packets which we could assume are properly formed. Thanks.
Powered by blists - more mailing lists