On 01/12/2017 02:10 PM, Sowmini Varadhan wrote:
The filter added by sock_setfilter is intended to only permit
packets matching the pattern set up by create_payload(), but
we only check the ip_len, and a single test-character in
the IP packet to ensure this condition.
Harden the filter by adding additional constraints so that we only
permit UDP/IPv4 packets that meet the ip_len and test-character
requirements. Include the bpf_asm src as a comment, in case this
needs to be enhanced in the future
Signed-off-by: Sowmini Varadhan <sowmini.varad...@oracle.com>
LGTM, thanks!
Acked-by: Daniel Borkmann <dan...@iogearbox.net>
