| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Nov 2018 16:54:47 +0530 From: "Anand H. Krishnan" <anandhkrishnan@...il.com> To: netdev@...r.kernel.org Subject: Re: VETH & AF_PACKET problem [bump] Hello, Any ideas? AF_PACKET with veth seems to be incompatible. I am using DPDK to bind af_packet with one end of VETH pair and the other end of the pair is in a container. Thanks, Anand On Mon, Nov 12, 2018 at 12:42 PM Anand H. Krishnan <anandhkrishnan@...il.com> wrote: > > Hello, > > We are seeing a problem with AF_PACKET when used along with the > veth interfaces. SCP complains that message authentication code is > incorrect. > > I was browsing the code and I see that veth_xmit calls ____dev_forward_skb > which does a skb_scrub_packet, which in turn calls the skb destructor function. > > In the case of packets coming from the AF_PACKET socket, the destructor > function seems to set all the mmap-ed pages to be available for user space to > copy any new packet it wants. Isn't this a problem? > > skb_orphan_frags, called by ____dev_forward_skb, seems to do the right thing, > but it probably does not get called for packets from AF_PACKET socket, since the > skb is not a zero copy skb (SKBTX_DEV_ZEROCOPY is not set). > > Did I miss something basic here? > > (Please cc me, since I am not part of this list) > > Thanks, > Anand
Powered by blists - more mailing lists