lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Jul 2019 10:37:29 +0100 From: Lorenz Bauer <lmb@...udflare.com> To: Petar Penkov <ppenkov.kernel@...il.com> Cc: Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>, davem@...emloft.net, Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, Eric Dumazet <edumazet@...gle.com>, Stanislav Fomichev <sdf@...gle.com>, Petar Penkov <ppenkov@...gle.com> Subject: Re: [bpf-next 6/6] selftests/bpf: add test for bpf_tcp_gen_syncookie On Tue, 23 Jul 2019 at 01:20, Petar Penkov <ppenkov.kernel@...il.com> wrote: > +static __always_inline __s64 gen_syncookie(void *data_end, struct bpf_sock *sk, > + void *iph, __u32 ip_size, > + struct tcphdr *tcph) > +{ > + __u32 thlen = tcph->doff * 4; > + > + if (tcph->syn && !tcph->ack) { > + // packet should only have an MSS option > + if (thlen != 24) > + return 0; Just for my own understanding: without this the verifier complains since thlen is not a known value, even though it is in bounds due to the check below? > + > + if ((void *)tcph + thlen > data_end) > + return 0; > + > + return bpf_tcp_gen_syncookie(sk, iph, ip_size, tcph, thlen); > + } > + return 0; > +} > + -- Lorenz Bauer | Systems Engineer 6th Floor, County Hall/The Riverside Building, SE1 7PB, UK www.cloudflare.com
Powered by blists - more mailing lists