lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 8 Jun 2023 17:04:57 +0200
From: Davide Caratti <dcaratti@...hat.com>
To: Florian Westphal <fw@...len.de>
Cc: netdev@...r.kernel.org, kuba@...nel.org, edumazet@...gle.com, 
	davem@...emloft.net, pabeni@...hat.com, jhs@...atatu.com, 
	xiyou.wangcong@...il.com, jiri@...nulli.us, 
	Simon Horman <simon.horman@...igine.com>
Subject: Re: [PATCH net v2 2/3] net/sched: act_ipt: add sanity checks on skb
 before calling target

hello Florian,

On Thu, Jun 8, 2023 at 4:04 PM Florian Westphal <fw@...len.de> wrote:
>
> Netfilter targets make assumptions on the skb state, for example
> iphdr is supposed to be in the linear area.
>
[...]

> @@ -244,9 +264,22 @@ TC_INDIRECT_SCOPE int tcf_ipt_act(struct sk_buff *skb,
>                 .pf     = NFPROTO_IPV4,
>         };
>
> +       if (skb->protocol != htons(ETH_P_IP))
> +               return TC_ACT_UNSPEC;
> +

maybe this can be converted to skb_protocol(skb, ...)  so that it's
clear how VLAN packets are treated ?
thanks!
-- 
davide

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ