Re: [PATCH v2] net/sched: act_pedit: require matching IPv4 L4 protocol
From: Jakub Kicinski
Date: Mon Jun 08 2026 - 22:20:06 EST
On Sun, 7 Jun 2026 19:35:46 +0000 Samuel Moelius wrote:
> The extended IPv4 L4 header mode in act_pedit can select TCP or UDP
> header fields without confirming that the IPv4 protocol field matches
> the selected transport header.
>
> That lets a rule written for TCP or UDP modify unrelated payload bytes
> in a packet carrying a different protocol.
>
> Verify that the IPv4 header is long enough, that the protocol matches
> the selected TCP or UDP header, and that the packet is not a non-initial
> fragment before applying TCP or UDP extended header edits.
This is a hardening patch?
It doesn't apply to either networking tree cleanly, please rebase on
net (if it's a fix) and net-next (if it's hardening) and repost.
--
pw-bot: cr
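
The three checks listed in the quoted commit message, modelled in user-space C as an added example. This is not the patch under review and not kernel code; `l4_edit_offset`, `check_sample` and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { PROTO_ICMP = 1, PROTO_TCP = 6, PROTO_UDP = 17 };

/* Return the L4 header offset if an edit written for want_proto may touch
 * this IPv4 packet, or -1 if the packet must be left unmodified. */
int l4_edit_offset(const uint8_t *pkt, size_t len, uint8_t want_proto)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;                      /* truncated, or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return -1;                      /* IHL below minimum or past the buffer */
    if (pkt[9] != want_proto)
        return -1;                      /* protocol field names a different L4 */
    if ((((unsigned)pkt[6] << 8) | pkt[7]) & 0x1fff)
        return -1;                      /* non-initial fragment: no L4 header */
    return (int)ihl;
}

/* Constructed sample IPv4 headers (no payload, checksums left zero):
 * 0 TCP, 1 ICMP, 2 TCP non-initial fragment, 3 TCP with one option word,
 * 4 TCP with invalid IHL=4, 5 UDP first fragment (MF set, offset 0). */
static const struct { uint8_t b[24]; size_t len; } samples[] = {
    {{0x45,0,0,20, 0,1,0x40,0x00, 64,PROTO_TCP, 0,0, 10,0,0,1, 10,0,0,2}, 20},
    {{0x45,0,0,20, 0,2,0x40,0x00, 64,PROTO_ICMP,0,0, 10,0,0,1, 10,0,0,2}, 20},
    {{0x45,0,0,20, 0,3,0x00,0xb9, 64,PROTO_TCP, 0,0, 10,0,0,1, 10,0,0,2}, 20},
    {{0x46,0,0,24, 0,4,0x40,0x00, 64,PROTO_TCP, 0,0, 10,0,0,1, 10,0,0,2, 1,1,1,0}, 24},
    {{0x44,0,0,20, 0,5,0x40,0x00, 64,PROTO_TCP, 0,0, 10,0,0,1, 10,0,0,2}, 20},
    {{0x45,0,0,20, 0,6,0x20,0x00, 64,PROTO_UDP, 0,0, 10,0,0,1, 10,0,0,2}, 20},
};

int check_sample(size_t i, uint8_t want_proto)
{
    return l4_edit_offset(samples[i].b, samples[i].len, want_proto);
}

int main(void)
{
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("sample %zu: tcp=%d udp=%d\n", i,
               check_sample(i, PROTO_TCP), check_sample(i, PROTO_UDP));
    return 0;
}
```

The returned offset only locates the L4 header; whether the edited field itself lies inside the packet is a separate bounds check not shown here.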