| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 May 2024 13:14:41 +0100 From: Simon Horman <horms@...nel.org> To: Pablo Neira Ayuso <pablo@...filter.org> Cc: netdev@...r.kernel.org, davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com, edumazet@...gle.com, laforge@...ocom.org, pespin@...mocom.de, osmith@...mocom.de Subject: Re: [PATCH net-next,v3 02/12] gtp: properly parse extension headers On Tue, May 07, 2024 at 01:52:41AM +0200, Pablo Neira Ayuso wrote: > Currently GTP packets are dropped if the next extension field is set to > non-zero value, but this are valid GTP packets. > > TS 29.281 provides a longer header format, which is defined as struct > gtp1_header_long. Such long header format is used if any of the S, PN, E > flags is set. > > This long header is 4 bytes longer than struct gtp1_header, plus > variable length (optional) extension headers. The next extension header > field is zero is no extension header is provided. > > The extension header is composed of a length field which includes total > number of 4 byte words including the extension header itself (1 byte), > payload (variable length) and next type (1 byte). The extension header > size and its payload is aligned to 4 bytes. > > A GTP packet might come with a chain extensions headers, which makes it > slightly cumbersome to parse because the extension next header field > comes at the end of the extension header, and there is a need to check > if this field becomes zero to stop the extension header parser. > > Signed-off-by: Pablo Neira Ayuso <pablo@...filter.org> Reviewed-by: Simon Horman <horms@...nel.org>
Powered by blists - more mailing lists