lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <YgabcluXWaQY9tVv@t14s.localdomain> Date: Fri, 11 Feb 2022 14:22:58 -0300 From: Marcelo Ricardo Leitner <marcelo.leitner@...il.com> To: Davide Caratti <dcaratti@...hat.com> Cc: Jamal Hadi Salim <jhs@...atatu.com>, Cong Wang <xiyou.wangcong@...il.com>, Jiri Pirko <jiri@...nulli.us>, "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org, Oz Shlomo <ozsh@...dia.com>, Eelco Chaudron <echaudro@...hat.com> Subject: Re: [PATCH net-next] net/sched: act_police: more accurate MTU policing On Thu, Feb 10, 2022 at 06:56:08PM +0100, Davide Caratti wrote: > in current Linux, MTU policing does not take into account that packets at > the TC ingress have the L2 header pulled. Thus, the same TC police action > (with the same value of tcfp_mtu) behaves differently for ingress/egress. > In addition, the full GSO size is compared to tcfp_mtu: as a consequence, > the policer drops GSO packets even when individual segments have the L2 + > L3 + L4 + payload length below the configured valued of tcfp_mtu. > > Improve the accuracy of MTU policing as follows: > - account for mac_len for non-GSO packets at TC ingress. > - compare MTU threshold with the segmented size for GSO packets. > Also, add a kselftest that verifies the correct behavior. > > Signed-off-by: Davide Caratti <dcaratti@...hat.com> Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Powered by blists - more mailing lists