lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190118143503.3h2tv4fujl4w25mz@salvia>
Date:   Fri, 18 Jan 2019 15:35:03 +0100
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     Florian Westphal <fw@...len.de>
Cc:     wenxu@...oud.cn, netdev@...r.kernel.org,
        netfilter-devel@...r.kernel.org, David Ahern <dsahern@...il.com>
Subject: Re: [PATCH v3] netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type

On Fri, Jan 18, 2019 at 03:32:08PM +0100, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@...filter.org> wrote:
> > > +	case NFT_META_IIFKIND:
> > > +		if (in == NULL || in->rtnl_link_ops == NULL)
> > > +			goto err;
> > > +		strncpy((char *)dest, in->rtnl_link_ops->kind, IFNAMSIZ);
> > 
> > It seems kind can be arbitrarily large, no limitation in its length.
> 
> Its limited to 60 or 56 bytes it seems:
> char kind[MODULE_NAME_LEN];
> 
> nla_strlcpy(kind, linfo[IFLA_INFO_KIND], sizeof(kind));
> 
> (linkinfo_to_kind_ops in rtnetlink.c).
> 
> > Thinking...
> > 
> > There is no other way to identify a vft device rather than this
> > string? The only l3mdev that exists if vrf, right?
> 
> There is, I suggested this more generic approach, as it would allow
> to create rules that match on the kind of device used (vrf, ppp, etc.).

Ah I see.

> If you think its too generic, ok.

I think it's fine, thanks for explaining.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ