On 2018-01-17 12:56, Willem de Bruijn wrote:
> This just makes that check more strict. Frequency of malicious packets is
> not really relevant if a single bad packet can cause damage.
>
> The alternative to validate on kernel entry is to harden the entire segmentation
> layer and lower part of the stack. That is much harder to get right and not
> necessarily cheaper.
>
> As a matter of fact, it incurs a cost on all packets, including the common
> case generated by the protocol stack.
>
> If packets can be fully validated at the source, we can eventually also
> get rid of the entire SKB_GSO_DODGY and NETIF_F_GSO_ROBUST
> logic. Then virtio packets won't have to enter the segmentation layer
> at all for TSO capable devices.

On the contrary I think, if I read the code correctly, the point is to
delay the check as much as possible. Then for a GSO_ROBUST device, we
don't even need to do any header check at all. This helps
performance. What's more, the check should be done layer by layer, which
makes gso_segment a perfect place to do that.
Thanks