2016-07-04 13:02 GMT+02:00 Daniel Borkmann :
> Yeah, checks cannot be carried over in two occasions: i) calling helpers
> that change skb->data (and therefore prior checks become invalid) and
> ii) tail calls. For tail calls the verifier doesn't know how such programs
> will be used or shared (e.g.
On 07/02/2016 11:29 PM, Thomas Graf wrote:
Hi
When using direct packet access I noticed that the verifier cannot
carry the packet length validation check across tail calls. This is
mainly a burden for L4 where L3 may require some more expensive logic
to handle variable length headers.