On (01/27/17 15:51), Willem de Bruijn wrote:
:
> - limit capable() check to drivers with .validate callback (aka second option below)
:
> - let privileged applications shoot themselves in the foot (change nothing).
> The second will break variable length header protocols unless
> you exhaustively search for all variable length protocols and add
> validate callbacks first.

Other than ax25, are there variable length header protocols out there without ->validate, and which need the CAP_RAW_SYSIO branch? I realize that, to an extent, even ethernet is a protocol whose header is > 14 with vlan, but from the Google search, it seems like it was mostly ax25 that really triggered a large part of the check.

If we think that there are a large number of these (that don't have a ->validate, to fix up things as desired), I'd just go for the "change nothing in pf_packet" option. As I found out, many drivers like ixgbe and sunvnet have defensive checks in the Tx path anyway, and xen_netfront can also join that group with a few simple checks.