Jeff Garzik wrote:
> On Wed, Apr 24, 2002 at 10:31:29AM -0700, Ben Greear wrote:
>
>>Also, is there any good reason that we can't get at least a compile
>>time change into some of the drivers like tulip where we know we can
>>get at least MOST of the cards supported with a small change?
>>
>
> The tulip patch is butt-ugly - the oversized allocation isn't needed,
> and it just flat-out turns off large packet protection. That's really
> not what you want to do, even for the best tulip cards. If an oversized
> gram (non-VLAN) makes it into a network which such a patched tulip
> driver, you can DoS. So, I view the current tulip patch as unacceptable
> too -- for security reasons, we should not even take it as a compile
> time patch. (and I recommend against using that patch on production
> machines, for the same security reasons)
I can DOS a tulip card with very small packets too ;)
The oversized allocations can be removed from the patch since they
are not needed.
> The proper tulip patch does not need to change packet allocation size
> at all (it's already plenty big enough), and it needs to copy the RX
> fragment handling code from 8139cp (which is admittedly ugly, slow path)
> or write fresh fragment handling code. Along with that fragment
> handling code comes a safe way to do VLAN, and non-standard large MTUs
> in general.
In the general case, where the packets are only 1518 (ie no DoS or mis-configured
hardware is in effect), is there a need for the "ugly, slow path" code to run?
-- Ben Greear <greearb@candelatech.com> <Ben_Greear AT excite.com> President of Candela Technologies Inc http://www.candelatech.com ScryMUD: http://scry.wanfear.com http://scry.wanfear.com/~greear- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Apr 30 2002 - 22:00:09 EST