| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250410101824.GA6272@breakpoint.cc>
Date: Thu, 10 Apr 2025 12:18:24 +0200
From: Florian Westphal <fw@...len.de>
To: Huajian Yang <huajianyang@...micro.com>
Cc: pablo@...filter.org, fw@...len.de, kadlec@...filter.org,
razor@...ckwall.org, idosch@...dia.com, davem@...emloft.net,
dsahern@...nel.org, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com, horms@...nel.org,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
bridge@...ts.linux.dev, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: Move specific fragmented packet to slow_path
instead of dropping it
Huajian Yang <huajianyang@...micro.com> wrote:
> --- a/net/bridge/netfilter/nf_conntrack_bridge.c
> +++ b/net/bridge/netfilter/nf_conntrack_bridge.c
> @@ -61,18 +61,14 @@ static int nf_br_ip_fragment(struct net *net, struct sock *sk,
> struct sk_buff *frag;
>
> if (first_len - hlen > mtu ||
> - skb_headroom(skb) < ll_rs)
> - goto blackhole;
I would prefer to keep blackhole logic for the mtu tests,
i.e.
if (first_len - hlen > mtu)
goto blackhole;
same for the frag->len test in the skb_walk_frags loop.
>From what I understood the problem is only because of
the lower devices' headroom requirement.
Powered by blists - more mailing lists