On Tue, 20 Sep 2016 09:45:28 -0700 Alexei Starovoitov <alexei.starovoi...@gmail.com> wrote:
> To your other question: > > Please explain why a eBPF program error (div by zero) must be a silent > > drop? > > because 'div by zero' is an abnormal situation that shouldn't be exploited. > Meaning if xdp program is doing DoS prevention and it has a bug that > attacker can now exploit by sending a crafted packet that causes > 'div by zero' and kernel will warn then attack got successful. > Therefore it has to be silent drop. Understood and documented: https://github.com/netoptimizer/prototype-kernel/commit/a4e60e2d7a894 Our current solution is not very optimal, it only result in onetime WARN_ONCE() see bpf_warn_invalid_xdp_action(). But is should not be affected by the DoS attack scenario you described. -- Best regards, Jesper Dangaard Brouer MSc.CS, Principal Kernel Engineer at Red Hat Author of http://www.iptv-analyzer.org LinkedIn: http://www.linkedin.com/in/brouer
