| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240603120917.GY491852@kernel.org> Date: Mon, 3 Jun 2024 13:09:17 +0100 From: Simon Horman <horms@...nel.org> To: Donald Hunter <donald.hunter@...il.com> Cc: netdev@...r.kernel.org, Jakub Kicinski <kuba@...nel.org>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>, Pablo Neira Ayuso <pablo@...filter.org>, Jozsef Kadlecsik <kadlec@...filter.org>, netfilter-devel@...r.kernel.org, donald.hunter@...hat.com Subject: Re: [PATCH net-next v1] netfilter: nfnetlink: convert kfree_skb to consume_skb On Mon, Jun 03, 2024 at 10:19:27AM +0100, Donald Hunter wrote: > Simon Horman <horms@...nel.org> writes: > > > On Tue, May 28, 2024 at 11:37:54AM +0100, Donald Hunter wrote: > >> Use consume_skb in the batch code path to avoid generating spurious > >> NOT_SPECIFIED skb drop reasons. > >> > >> Signed-off-by: Donald Hunter <donald.hunter@...il.com> > > > > Hi Donald, > > > > I do wonder if this is the correct approach. I'm happy to stand corrected, > > but my understanding is that consume_skb() is for situations where the skb > > is no longer needed for reasons other than errors. But some of these > > call-sites do appear to be error paths of sorts. > > > > ... > > Hi Simon, > > They all look to be application layer errors which are either > communicated back to the client or cause a replay. My understanding is > that consume_skb() should be used here since kfree_skb() now implies a > (transport?) drop. Hi Donald, Thanks, that makes sense to me.
Powered by blists - more mailing lists