Date:      Fri, 21 Jan 2000 23:24:36 -0700
From:      Brett Glass <brett@lariat.org>
To:        "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>, keramida@ceid.upatras.gr
Cc:        dillon@apollo.backplane.com (Matthew Dillon), imp@village.org (Warner Losh), avalon@coombs.anu.edu.au (Darren Reed), security@FreeBSD.ORG
Subject:   Re: stream.c worst-case kernel paths
Message-ID:  <4.2.2.20000121231704.01977b60@localhost>
In-Reply-To: <200001220614.WAA59998@gndrsh.dnsmgr.net>
References:  <20000122044638.B27337@hades.hell.gr>

At 11:14 PM 1/21/2000 , Rodney W. Grimes wrote:

>(Your (a) above is invalid data between the ip layer and tcp, handled at
>either output from ip or as input to tcp in the upwards stack direction,
>and (c) is output from tcp to ip in the downward stack direction.)

Actually, it's invalid data in a LOT of cases. I think that the check
should be pushed downward and that the packet source address should
be flagged as multicast in the mbuf flags. This could eliminate
quite a few tests. Try the command

grep IN_MULTICAST /sys/netinet/* | more

and you'll see what I mean. (Not all of the tests would be subsumed
by this, but many would. There's also a check in /sys/net/if_ethersubr.c.)

--Brett
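
The idea in the message above, as an added example that is not part of the original e-mail and not FreeBSD source: the source address is tested once in the lower layer and the result is carried as a flag, which upper layers test instead of repeating IN_MULTICAST(). The `struct pkt`, the `PKT_SRC_MCAST` bit, the verdict policy and all function names are hypothetical; only the class D test mirrors the BSD macro.

```c
#include <stdint.h>
#include <stdio.h>

/* Class D test (224.0.0.0/4) on a host-byte-order address, as in the BSD macro. */
#define IN_MULTICAST(a) ((((uint32_t)(a)) & 0xf0000000u) == 0xe0000000u)

#define PKT_SRC_MCAST 0x0001u   /* hypothetical flag bit, not a real mbuf flag */

struct pkt {                    /* toy stand-in for an mbuf plus IP header */
    uint32_t src, dst;          /* host byte order */
    uint16_t flags;
};

enum verdict { V_ACCEPT, V_REJECT };

/* Lower layer: the only place the address itself is examined. */
void ip_classify(struct pkt *p)
{
    if (IN_MULTICAST(p->src))
        p->flags |= PKT_SRC_MCAST;
}

/* Upper layer (e.g. TCP input): a flag test replaces a second IN_MULTICAST(). */
enum verdict tcp_input_check(const struct pkt *p)
{
    return (p->flags & PKT_SRC_MCAST) ? V_REJECT : V_ACCEPT;
}

/* Any path that would answer the sender can reuse the same flag. */
int may_reply_to_source(const struct pkt *p)
{
    return (p->flags & PKT_SRC_MCAST) == 0;
}

/* Run one constructed packet through both layers. */
enum verdict handle(uint32_t src)
{
    struct pkt p = { .src = src, .dst = 0x0a000002u, .flags = 0 };
    ip_classify(&p);
    return tcp_input_check(&p);
}

int main(void)
{
    /* Constructed sample sources: 224.0.0.1, 239.255.255.255, 10.0.0.1, 240.0.0.1 */
    uint32_t s[] = { 0xe0000001u, 0xefffffffu, 0x0a000001u, 0xf0000001u };
    for (int i = 0; i < 4; i++)
        printf("%08x -> %s\n", (unsigned)s[i], handle(s[i]) == V_REJECT ? "reject" : "accept");
    return 0;
}
```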


