I believe there is a bug in this code if the "ether type" is a 802.1AD, because the code only "skips" sizeof(struct vlan_hdr), and the 802.1AD header is twice as widehttps://github.com/cloudflare/cloudflare-blog/blob/master/2018-07-dropping-packets/xdp-drop-ebpf.c#L33-L41 …
-
-
- 4 more replies
New conversation -
-
-
Nice post! If everyone switches more logic into XDP will we have an "arms race" of sending vs. dropping, or is it mostly irrelevant because attackers usually can't load eBPF code? Thanks!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
Show additional replies, including those that may contain offensive content
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.