On Tue, Nov 1, 2016 at 12:59 PM, Thomas Graf <tg...@suug.ch> wrote: > On 1 November 2016 at 12:27, Tom Herbert <t...@herbertland.com> wrote: >> On Tue, Nov 1, 2016 at 12:11 PM, Thomas Graf <tg...@suug.ch> wrote: >>> You can do the same with act_pedit or cls_bpf at dev_queue_xmit() >>> before or after you go into the encapsulation device. This is a tool >>> for root, if you install a drop all ssh rule then you won't be able to >>> log into the box anymore. If you modify the packet and render it >>> invalid, the packet will be dropped. >>> If you attach a VLAN header while VLAN offload is already set up, then >>> the hardware will add another VLAN header, this is what I would >>> expect. I truly hope that we don't have code which crashes if we >>> dev_queue_xmit() garbage into any device. That would be horrible. >>> >>> Do you have a specific example that could be a problem? >> >> I believe Alexander was dealing with problems where drivers were not >> properly handling IP extension headers. We regularly get reports about > > There are many ways to cause IP extension headers to be inserted. How > is this specific to BPF or this series? > >> driver checksum failures on edge conditions. Making a fully functional > > Not sure what an "edge condition" is? Untrusted networks? How is > drivers crashing on receive related to this series? > >> and efficient transmit data path is nontrivial, there are many >> assumptions being made some documented some not. When drivers crash we >> either fix the driver or the protocol stack that is doing something >> bad. > > Tom, we have a dozen ways to modify packet content already and we have > multiple ways to take raw packet data from userspace and inject them > at dev_queue_xmit() level and some even above. What is different for > lwtunnel_xmit()? > > This is entirely optional and nobody is forced to use any of this. If > you don't trust the BPF program then you better not run in. It's about > the same as trusting a random tc filter or iptables ruleset. The > important point is that integrity is maintained at all times.I would > love to address any specific concern.
You need to show that is integrity is maintained with these patches. Part of this can be done, but part of this needs to be established in testing. I've already given specifics for at least one potential source of issues in routing issues. I would like to know what happens if someone rewrites an IPv4 packet into IPv6 packet or vice versa. AFAICT we would be send an IPv6 using an IPv4 route, or an IPv4 using an IPv6 route. What is supposed to happen in these circumstances? What actually happens? Similarly, someone overwrites the whole packet with 0xff. What happens when we try to send that? Tom
