[Oisf-devel] Linux af-packet::mmap tpacket_v1/v2 - possibility of stale data being read by user space

chetan loke loke.chetan at gmail.com
Thu Jul 14 17:38:25 UTC 2011


Hello,

FYI:

If any of the libraries(netsniff etc) used by suricata use
af-packet::mmap mode then there's a chance of stale data being read by
user space. Possible to see this behavior on Jumbo frames(9k) because
of the longer payload. If you are running on just x86, you should be
fine.

Dave just accepted the patch. For more info -
http://patchwork.ozlabs.org/patch/104466/. The patch attempts to plug
that hole by flushing the status_bit in the end.



Chetan Loke



More information about the Oisf-devel mailing list