On Mon, Feb 24, 2025 at 02:26:44PM -0800, Jakub Kicinski wrote: > On Fri, 21 Feb 2025 14:12:19 +0800 Jiayuan Chen wrote: > > + /* Check if we should pass this packet. > > + * BPF filter instructions assume each PPP packet has a 4-byte > > + * header (e.g., those generated by libpcap), and then default > > + * to skipping the first 2 bytes at the beginning of the > > + * instruction. However, we still need to initialize these > > + * 2-byte new headers to prevent crafted BPF programs from > > + * reading them which would cause reading of uninitialized > > + * data. Here, we set the headers according to the RFC 1662. > > + */ > > + *(u16 *)skb_push(skb, 2) = htons(0xff03); > > The constant from the RFC deserves a #define or enum. > Looks like we may already need it in one other place: > > drivers/net/wan/fsl_ucc_hdlc.h:#define DEFAULT_PPP_HEAD 0xff03 > -- > pw-bot: cr Hi Jakub, I apologize for the mistake, I've investigated the original maintainer's user-space PPP implementation and libpcap's behavior, and found that initializing the first byte to 0 or 1 is necessary, it indicates direction, which is used in libpcap to distinguish between inbound and outbound traffic. For more details, please refer to the cover letter of my v3 patch. https://lore.kernel.org/linux-ppp/20250222092556.274267-1-jiayuan.chen@xxxxxxxxx/T/#t
