Message-ID: <77d33f93c82345dba8f9302765885b9b@autoliv.com>
Date:   Thu, 22 Mar 2018 10:11:03 +0000
From:   Mikael Arvids <mikael.arvids@...oliv.com>
To:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Drop count for VLAN tagged packets when interface is in promiscuous
 mode

Hi,

I have questions regarding how packet drops are counted in net/core/dev.c.

We open a raw socket (with ETH_P_ALL) in promiscuous mode to capture all packets we receive from a mirrored port on a switch, and in order to ensure that we are not missing any packets we check the rx_dropped statistics on the interface (in addition to the PACKET_STATISTICS on the socket).
Under certain circumstances we could see dropped packets on the interface, even though we were not missing any packets in the capture. After some investigation we concluded that the drop counter was incremented for VLAN tagged PTP packets (ether_type 0x88f7), even though these were captured on the raw socket.

It turns out that packets with an unknown VLAN tag and ether_type other than IP (0x0800) and ARP (0x0806) will increment the drop counter, even when those packets have been processed (by the raw socket). Is this intended?

We have currently patched net/core/dev.c to not increment the drop counter when deliver_skb has been called for the vlan packets, which solves our particular case, but I'm wondering if there could be a more generic solution to this?

diff --git a/components/linux-kernel/xilinx-v2016.3/net/core/dev.c b/components/linux-kernel/xilinx-v2016.3/net/core/dev.c 
index 5c925ac..9d04a1c 100644                                                                                              
--- a/components/linux-kernel/xilinx-v2016.3/net/core/dev.c                                                                
+++ b/components/linux-kernel/xilinx-v2016.3/net/core/dev.c                                                                
@@ -4028,6 +4028,7 @@ static int __netif_receive_skb_core(struct sk_buff *skb, bool pfmemalloc)                            
        bool deliver_exact = false;                                                                                        
        int ret = NET_RX_DROP;                                                                                             
        __be16 type;                                                                                                       
+       bool prevent_drop_cnt_inc = false;                                                                                 
                                                                                                                           
        net_timestamp_check(!netdev_tstamp_prequeue, skb);                                                                 
                                                                                                                           
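Review bot: the new local prevent_drop_cnt_inc, declared after __be16 type, is named for its effect on the counter rather than for the state it records. It is set when deliver_skb() has been called, so a name that says that (for example skb_delivered, a hypothetical name) would read more clearly at the drop: label and avoid the double negative in !prevent_drop_cnt_inc. The diff is also taken against components/linux-kernel/xilinx-v2016.3/net/core/dev.c, so it would need rebasing onto a current netdev tree before it could be applied.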
@@ -4098,6 +4099,7 @@ ncls:                                                                                                
                if (pt_prev) {                                                                                             
                        ret = deliver_skb(skb, pt_prev, orig_dev);                                                         
                        pt_prev = NULL;                                                                                    
+                       prevent_drop_cnt_inc = true;                                                                       
                }                                                                                                          
                if (vlan_do_receive(&skb))                                                                                 
                        goto another_round;                                                                                
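Review bot: prevent_drop_cnt_inc = true inside if (pt_prev) is set regardless of what deliver_skb() returned in ret, and it is never cleared before goto another_round, so once any handler pending in pt_prev has been handed the skb on this path, every later jump to drop: skips rx_dropped for that packet. That is broader than the unknown-VLAN case described in the message. Consider setting the flag only on the fall-through where vlan_do_receive(&skb) returns false, and taking ret into account, so that unrelated drops after another round are still counted.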
@@ -4160,8 +4162,10 @@ ncls:                                                                                               
                        ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);                                             
        } else {                                                                                                           
 drop:                                                                                                                     
-               if (!deliver_exact)                                                                                        
-                       atomic_long_inc(&skb->dev->rx_dropped);                                                            
+               if (!deliver_exact) {                                                                                      
+                       if (!prevent_drop_cnt_inc)                                                                         
+                               atomic_long_inc(&skb->dev->rx_dropped);                                                    
+               }                                                                                                          
                else                                                                                                       
                        atomic_long_inc(&skb->dev->rx_nohandler);                                                          
                kfree_skb(skb);                                                                                            
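Review bot: at drop:, only the rx_dropped branch honours prevent_drop_cnt_inc; when deliver_exact is true, rx_nohandler is still incremented for a packet that deliver_skb() has already handed off, so the two counters now treat the same situation differently. If that asymmetry is intended it needs a comment, otherwise apply the check to both. On style, the closing brace and else should share a line with both branches braced, or the block can be restructured as if (deliver_exact) ... else if (!prevent_drop_cnt_inc) ... to remove the nesting without changing which counter is touched.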

Best regards,
Mikael Arvids