Brace yourselves, more netfilter bugs are coming! https://github.com/google/syzkaller/blob/master/sys/linux/socket_netlink_netfilter_nftables.txt … Bets on number of bugs in the first week
-
I thought netfilter/iptables is an attempt to build #bpf. No, turns out it's an attempt to build #bpf twice. Get a taste of API surface: https://github.com/google/syzkaller/blob/master/sys/linux/netfilter.txt … https://github.com/google/syzkaller/blob/master/sys/linux/netfilter_targets.txt … https://github.com/google/syzkaller/blob/master/sys/linux/netfilter_arp.txt … https://github.com/google/syzkaller/blob/master/sys/linux/netfilter_bridge.txt … https://github.com/google/syzkaller/blob/master/sys/linux/netfilter_ipv4.txt … https://github.com/google/syzkaller/blob/master/sys/linux/netfilter_ipv6.txt …
-
Now, turns out there is also "netfilter tables API": https://github.com/google/syzkaller/blob/master/sys/linux/socket_netlink_netfilter_nftables.txt … which reimplements all of the same with another set of expressions, objects, containers, registers, control flow, etc _and_ also includes all of the legacy "xtables" recursively: https://github.com/google/syzkaller/blob/master/sys/linux/socket_netlink_netfilter_nftables.txt#L400-L412 …
-
nf_tables_api.c (just a subpart) is 8K lines of complex stateful C code: https://elixir.bootlin.com/linux/v5.5-rc6/source/net/netfilter/nf_tables_api.c … Wonder what amount of resources was put into testing all of this... Like really testing, not just on a few expected scenarios. All of this is open to any unpriv user and containers.