diff options
| author | Stanislav Fomichev <sdf@google.com> | 2019-04-01 13:57:33 -0700 |
|---|---|---|
| committer | Daniel Borkmann <daniel@iogearbox.net> | 2019-04-03 16:49:48 +0200 |
| commit | 2ee7fba0d62d638d8b6dbe30cada3a531ec042af (patch) | |
| tree | 885eee23a75ca15ab8336bca87f53edc65fc0836 /Documentation/networking | |
| parent | b9e9c8599f0f23e3d2051befc9966a84b639f64f (diff) | |
| download | linux-2ee7fba0d62d638d8b6dbe30cada3a531ec042af.tar.gz linux-2ee7fba0d62d638d8b6dbe30cada3a531ec042af.tar.bz2 linux-2ee7fba0d62d638d8b6dbe30cada3a531ec042af.zip | |
flow_dissector: allow access only to a subset of __sk_buff fields
Use whitelist instead of a blacklist and allow only a small set of
fields that might be relevant in the context of flow dissector:
* data
* data_end
* flow_keys
This is required for the eth_get_headlen case where we have only a
chunk of data to dissect (i.e. trying to read the other skb fields
doesn't make sense).
Note, that it is a breaking API change! However, we've provided
flow_keys->n_proto as a substitute for skb->protocol; and there is
no need to manually handle skb->vlan_present. So even if we
break somebody, the migration is trivial. Unfortunately, we can't
support eth_get_headlen use-case without those breaking changes.
Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Diffstat (limited to 'Documentation/networking')
0 files changed, 0 insertions, 0 deletions