/* * netsniff-ng - the packet sniffing beast * Copyright 2012 Markus Amend , Deutsche Flugsicherung GmbH * Subject to the GPL, version 2. * * IP Authentication Header described in RFC4302 */ #include #include #include /* for ntohs() */ #include "proto.h" #include "protos.h" #include "dissector_eth.h" #include "built_in.h" #include "pkt_buff.h" struct auth_hdr { uint8_t h_next_header; uint8_t h_payload_len; uint16_t h_reserved; uint32_t h_spi; uint32_t h_snf; } __packed; static void auth_hdr(struct pkt_buff *pkt) { size_t i, hdr_len; struct auth_hdr *auth_ops; auth_ops = (struct auth_hdr *) pkt_pull(pkt, sizeof(*auth_ops)); if (auth_ops == NULL) return; hdr_len = (auth_ops->h_payload_len * 4) + 8; tprintf(" [ Authentication Header "); tprintf("NextHdr (%u), ", auth_ops->h_next_header); if (hdr_len > pkt_len(pkt)) { tprintf("HdrLen (%u, %zd Bytes %s), ", auth_ops->h_payload_len, hdr_len, colorize_start_full(black, red) "invalid" colorize_end()); return; } tprintf("HdrLen (%u, %zd Bytes), ",auth_ops->h_payload_len, hdr_len); tprintf("Reserved (0x%x), ", ntohs(auth_ops->h_reserved)); /* TODO * Upgrade for Extended (64-bit) Sequence Number * http://tools.ietf.org/html/rfc4302#section-2.5.1 */ tprintf("SPI (0x%x), ", ntohl(auth_ops->h_spi)); tprintf("SNF (0x%x), ", ntohl(auth_ops->h_snf)); tprintf("ICV 0x"); for (i = sizeof(struct auth_hdr); i < hdr_len; i++) { uint8_t *data = pkt_pull(pkt, 1); if (data == NULL) { tprintf("%sinvalid%s", colorize_start_full(black, red), colorize_end()); break; } tprintf("%02x", *data); } tprintf(" ]\n"); pkt_set_proto(pkt, ð_lay3, auth_ops->h_next_header); } static void auth_hdr_less(struct pkt_buff *pkt) { ssize_t hdr_len; struct auth_hdr *auth_ops; auth_ops = (struct auth_hdr *) pkt_pull(pkt, sizeof(*auth_ops)); if (auth_ops == NULL) return; hdr_len = (auth_ops->h_payload_len * 4) + 8; if (hdr_len > pkt_len(pkt) || hdr_len < 0) return; tprintf(" AH"); pkt_pull(pkt, hdr_len - sizeof(*auth_ops)); pkt_set_proto(pkt, ð_lay3, auth_ops->h_next_header); } struct protocol ip_auth_ops = { .key = 0x33, .print_full = auth_hdr, .print_less = auth_hdr_less, }; option>
path: root/Documentation
diff options
context:
space:
mode:
authorEric Sandeen <sandeen@redhat.com>2016-04-06 07:05:41 +1000
committerDave Chinner <david@fromorbit.com>2016-04-06 07:05:41 +1000
commitd0a58e833931234c44e515b5b8bede32bd4e6eed (patch)
tree249271a40ca39f7c0da43e6ef010082a54ea549d /Documentation
parentf55532a0c0b8bb6148f4e07853b876ef73bc69ca (diff)
xfs: disallow rw remount on fs with unknown ro-compat features
Today, a kernel which refuses to mount a filesystem read-write due to unknown ro-compat features can still transition to read-write via the remount path. The old kernel is most likely none the wiser, because it's unaware of the new feature, and isn't using it. However, writing to the filesystem may well corrupt metadata related to that new feature, and moving to a newer kernel which understand the feature will have problems. Right now the only ro-compat feature we have is the free inode btree, which showed up in v3.16. It would be good to push this back to all the active stable kernels, I think, so that if anyone is using newer mkfs (which enables the finobt feature) with older kernel releases, they'll be protected. Cc: <stable@vger.kernel.org> # 3.10.x- Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Bill O'Donnell <billodo@redhat.com> Reviewed-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Dave Chinner <david@fromorbit.com>
Diffstat (limited to 'Documentation')