diff options
author | Sowmini Varadhan <sowmini.varadhan@oracle.com> | 2017-01-12 05:10:11 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-01-12 10:23:26 -0500 |
commit | 4d7b9dc1f36a99423a6171d393040165fb135530 (patch) | |
tree | 9cf9841d98aa2b47e2b41ab5c6e2ed652d2cce80 /COPYING | |
parent | 79471b10d67a52f5b3744d2e14c06437a65746f2 (diff) | |
download | op-kernel-dev-4d7b9dc1f36a99423a6171d393040165fb135530.zip op-kernel-dev-4d7b9dc1f36a99423a6171d393040165fb135530.tar.gz |
tools: psock_lib: harden socket filter used by psock tests
The filter added by sock_setfilter is intended to only permit
packets matching the pattern set up by create_payload(), but
we only check the ip_len, and a single test-character in
the IP packet to ensure this condition.
Harden the filter by adding additional constraints so that we only
permit UDP/IPv4 packets that meet the ip_len and test-character
requirements. Include the bpf_asm src as a comment, in case this
needs to be enhanced in the future
Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'COPYING')
0 files changed, 0 insertions, 0 deletions