[Oisf-devel] Linux af-packet::mmap tpacket_v1/v2 - possibility of stale data being read by user space

Victor Julien victor at inliniac.net
Thu Jul 14 18:17:58 UTC 2011

On 07/14/2011 07:38 PM, chetan loke wrote:
> Hello,
> FYI:
> If any of the libraries(netsniff etc) used by suricata use
> af-packet::mmap mode then there's a chance of stale data being read by
> user space. Possible to see this behavior on Jumbo frames(9k) because
> of the longer payload. If you are running on just x86, you should be
> fine.
> Dave just accepted the patch. For more info -
> http://patchwork.ozlabs.org/patch/104466/. The patch attempts to plug
> that hole by flushing the status_bit in the end.

Thanks Chetan. Suricata doesn't use netsniff or to my knowledge anything
else that uses af-packet, so we should be safe.


Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-devel mailing list