[Oisf-devel] Linux af-packet::mmap tpacket_v1/v2 - possibility of stale data being read by user space
Victor Julien
victor at inliniac.net
Thu Jul 14 18:17:58 UTC 2011
On 07/14/2011 07:38 PM, chetan loke wrote:
> Hello,
>
> FYI:
>
> If any of the libraries (netsniff etc.) used by suricata use
> af-packet::mmap mode then there's a chance of stale data being read by
> user space. Possible to see this behavior on Jumbo frames (9k) because
> of the longer payload. If you are running on just x86, you should be
> fine.
>
> Dave just accepted the patch. For more info -
> http://patchwork.ozlabs.org/patch/104466/. The patch attempts to plug
> that hole by flushing the status_bit in the end.
>
Thanks Chetan. Suricata doesn't use netsniff or to my knowledge anything
else that uses af-packet, so we should be safe.

Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------