On 08/17/2015 11:02 PM, David Miller wrote:
From: Daniel Borkmann <dan...@iogearbox.net> Date: Fri, 14 Aug 2015 12:38:21 +0200diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 67d2104..4307446 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -238,6 +238,13 @@ static void __netlink_deliver_tap(struct sk_buff *skb) static void netlink_deliver_tap(struct sk_buff *skb) { + /* Netlink mmaped skbs must not access shared info, and thus + * are not allowed to be cloned. For now, just don't allow + * them to get inspected by taps. + */ + if (netlink_skb_is_mmaped(skb)) + return; +I would seriously rather see us do an expensive full copy of the SKB than to have traffic which is unexpectedly invisible to taps.
Do you mean generically as we do in TX path, or only in this particular scenario? Thanks, Daniel -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
