From: Ben Greear <greearb@candelatech.com>
To: Jeff Garzik <garzik@havoc.gtf.org>
Cc: "David S. Miller" <davem@redhat.com>,
jd@epcnet.de, linux-kernel@vger.kernel.org
Subject: Re: AW: Re: AW: Re: VLAN and Network Drivers 2.4.x
Date: Wed, 24 Apr 2002 11:04:47 -0700 [thread overview]
Message-ID: <3CC6F3BF.8050504@candelatech.com> (raw)
In-Reply-To: <20020424.093515.82125943.davem@redhat.com> <721506265.avixxmail@nexxnet.epcnet.de> <20020424.095951.43413800.davem@redhat.com> <3CC6EBF1.9060902@candelatech.com> <20020424134933.A17852@havoc.gtf.org>
Jeff Garzik wrote:
> On Wed, Apr 24, 2002 at 10:31:29AM -0700, Ben Greear wrote:
>
>>Also, is there any good reason that we can't get at least a compile
>>time change into some of the drivers like tulip where we know we can
>>get at least MOST of the cards supported with a small change?
>>
>
> The tulip patch is butt-ugly - the oversized allocation isn't needed,
> and it just flat-out turns off large packet protection. That's really
> not what you want to do, even for the best tulip cards. If an oversized
> gram (non-VLAN) makes it into a network which such a patched tulip
> driver, you can DoS. So, I view the current tulip patch as unacceptable
> too -- for security reasons, we should not even take it as a compile
> time patch. (and I recommend against using that patch on production
> machines, for the same security reasons)
I can DOS a tulip card with very small packets too ;)
The oversized allocations can be removed from the patch since they
are not needed.
> The proper tulip patch does not need to change packet allocation size
> at all (it's already plenty big enough), and it needs to copy the RX
> fragment handling code from 8139cp (which is admittedly ugly, slow path)
> or write fresh fragment handling code. Along with that fragment
> handling code comes a safe way to do VLAN, and non-standard large MTUs
> in general.
In the general case, where the packets are only 1518 (ie no DoS or mis-configured
hardware is in effect), is there a need for the "ugly, slow path" code to run?
--
Ben Greear <greearb@candelatech.com> <Ben_Greear AT excite.com>
President of Candela Technologies Inc http://www.candelatech.com
ScryMUD: http://scry.wanfear.com http://scry.wanfear.com/~greear
next prev parent reply other threads:[~2002-04-24 18:04 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-04-24 15:09 VLAN and Network Drivers 2.4.x jd
2002-04-24 13:04 ` David S. Miller
2002-04-24 16:23 ` AW: " jd
2002-04-24 16:35 ` David S. Miller
2002-04-24 17:03 ` AW: " jd
2002-04-24 16:59 ` David S. Miller
2002-04-24 17:31 ` Ben Greear
2002-04-24 17:25 ` David S. Miller
2002-04-24 17:58 ` Ben Greear
2002-04-24 17:56 ` David S. Miller
2002-04-24 19:43 ` Ben Greear
2002-04-24 22:23 ` AW: " jd
2002-04-24 17:49 ` Jeff Garzik
2002-04-24 18:04 ` Ben Greear [this message]
2002-04-24 18:10 ` Jeff Garzik
2002-04-24 18:07 ` Matti Aarnio
2002-04-24 18:13 ` Jeff Garzik
2002-04-24 17:42 ` AW: " jd
2002-04-24 17:40 ` David S. Miller
2002-04-24 22:28 ` AW: " jd
2002-04-24 22:21 ` David S. Miller
2002-04-25 4:26 ` AW: Re: AW: Re: AW: Re: AW: Re: AW: Re: AW: Re: AW: [was: VLAN and Network Drivers 2.4.x] Dax Kelson
[not found] ` <200204242141.02957.bodnar42@phalynx.dhs.org>
2002-04-25 4:43 ` Ryan Cumming
2002-04-25 10:19 ` Matthias Andree
2002-04-25 13:45 ` AW: Re: AW: Re: AW: Re: AW: Re: AW: Re: VLAN and Network Drivers 2.4.x jd
2002-04-26 0:46 ` David S. Miller
2002-04-27 20:34 ` jd
2002-04-28 2:43 ` David S. Miller
2002-04-28 20:28 ` jd
2002-04-29 3:49 ` David S. Miller
2002-04-29 5:20 ` How to enable printk Wanghong Yuan
2002-04-28 6:33 ` Uilton Dutra
2002-04-29 6:33 ` Itai Nahshon
2002-04-29 6:52 ` Chris Wright
2002-04-29 11:37 ` David Woodhouse
2002-04-30 17:12 ` Denis Vlasenko
2002-04-30 12:55 ` David Woodhouse
2002-04-30 18:03 ` Denis Vlasenko
2002-04-30 13:14 ` David Woodhouse
2002-04-29 22:15 ` Accurately measure CPU cycles used by a program? thanks Wanghong Yuan
2002-04-29 22:22 ` J.A. Magallon
2002-04-30 16:30 ` Zach Brown
2002-05-10 23:49 ` Corey Minyard
2002-04-30 22:15 ` what replaces tq_scheduler in 2.4 Wanghong Yuan
2002-04-30 22:31 ` Andrew Morton
2002-05-02 15:44 ` Ingo Oeser
2002-05-03 0:13 ` Wanghong Yuan
2002-05-03 18:04 ` Andrew Morton
2002-05-01 6:41 ` suspend a thread in LKM Wanghong Yuan
2002-04-29 9:06 ` VLAN and Network Drivers 2.4.x jd
2002-04-25 10:20 ` Matthias Andree
2002-04-24 16:39 ` AW: " Pasi Kärkkäinen
2002-04-24 16:18 ` Ben Greear
2002-04-24 16:46 ` AW: " jd
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3CC6F3BF.8050504@candelatech.com \
--to=greearb@candelatech.com \
--cc=davem@redhat.com \
--cc=garzik@havoc.gtf.org \
--cc=jd@epcnet.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.