From: Sowmini Varadhan <sowmini.varadhan@oracle.com>
To: "Duyck, Alexander H" <alexander.h.duyck@intel.com>
Cc: "netdev@vger.kernel.org" <netdev@vger.kernel.org>
Subject: Re: bug in ixgbe_atr
Date: Fri, 14 Oct 2016 16:00:18 -0700
Message-ID: <20161014230018.GA31471@oracle.com>
In-Reply-To: <B1C1DF2ACD01FD4881736AA51731BAB2A0E025@ORSMSX107.amr.corp.intel.com>

On (10/14/16 16:09), Duyck, Alexander H wrote:
> Sorry I was thinking of a different piece of code. In the case of the
> atr code it would be hdr.network, not hdr.raw. Basically the thought
> was to validate that there is enough data in skb_headlen() that we can
> verify that from where the network header should be we have at least
> 40 bytes of data as that would be the minimum needed for a TCP header
> and an IPv4 header, or just an IPv6 header. We would probably need a
> separate follow-up for the TCP header after we validate network header.
:
>> Dropping it is fine with me I guess - maybe just return, if the
>> skb_headlen() doesn't have enough bytes for a network header, i.e.,
>> skb_headlen is at least ETH_HLEN + sizeof (struct iphdr) for ETH_P_IP,
>> or ETH_HLEN + sizeof (struct ipv6hdr) for ETH_P_IPV6?
> Right that is kind of what I was thinking. If we validate that we
> have at least 40 before inspecting the network header, and at least 20
> before we validate the TCP header that would work for me.

Yes, I was on a plane through most of the day today but thought about
this. I think we can check if skb_network_offset() is between
skb->data and tail, and also make sure there are "enough" bytes for
trying to find the ip and transport header.

Let me try to put an RFC patch together for this tomorrow.
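
A user-space sketch of the bounds checks discussed in this thread, added here as an illustration; it is not the RFC patch mentioned above and not ixgbe code. `struct pkt`, `atr_tcp_offset` and `sample_offset` are hypothetical names, `headlen` stands in for `skb_headlen()`, and the per-protocol minimums follow the `sizeof (struct iphdr)` / `sizeof (struct ipv6hdr)` suggestion quoted above.

```c
#include <stddef.h>
#include <stdint.h>

#define ETH_HLEN   14
#define ETH_P_IP   0x0800
#define ETH_P_IPV6 0x86DD
#define PROTO_TCP  6

/* Hypothetical stand-in for an skb: data[0..headlen) models the linear area. */
struct pkt {
    const uint8_t *data;
    size_t headlen;   /* bytes in the linear area */
    size_t net_off;   /* network header offset from data */
};

/* Offset of the TCP header if both headers fit in the linear area, else -1. */
long atr_tcp_offset(const struct pkt *p, uint16_t proto)
{
    if (p->net_off > p->headlen)
        return -1;                      /* network header starts past the tail */
    size_t avail = p->headlen - p->net_off, l3_len;
    const uint8_t *nh = p->data + p->net_off;
    if (proto == ETH_P_IP) {
        if (avail < 20 || (nh[0] >> 4) != 4)
            return -1;                  /* too short for a minimal IPv4 header */
        l3_len = (size_t)(nh[0] & 0x0f) * 4;   /* IHL, may include options */
        if (l3_len < 20 || nh[9] != PROTO_TCP)
            return -1;
    } else if (proto == ETH_P_IPV6) {
        if (avail < 40 || nh[6] != PROTO_TCP)
            return -1;                  /* extension headers are not walked */
        l3_len = 40;
    } else {
        return -1;
    }
    if (avail < l3_len || avail - l3_len < 20)
        return -1;                      /* no room for a minimal TCP header */
    return (long)(p->net_off + l3_len);
}

/* Constructed sample frames (Ethernet + IP + TCP), zero-filled except key fields. */
static const uint8_t sample_v4[54] = { [12] = 0x08, [13] = 0x00, [14] = 0x45, [23] = PROTO_TCP };
static const uint8_t sample_v6[74] = { [12] = 0x86, [13] = 0xdd, [14] = 0x60, [20] = PROTO_TCP };

long sample_offset(int v6, size_t headlen)   /* treat only headlen bytes as linear */
{
    struct pkt p = { v6 ? sample_v6 : sample_v4, headlen, ETH_HLEN };
    return atr_tcp_offset(&p, v6 ? ETH_P_IPV6 : ETH_P_IP);
}
```

With the IPv6 sample and exactly 40 linear bytes after the network offset, the network-header check passes but the TCP check rejects the frame, which is why the two checks are kept separate.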