[meta-freescale] Etherleak detected from NESSUS security scan

Sona Sarmadi sona.sarmadi at enea.com
Mon Aug 22 13:12:19 PDT 2016 

Thanks Zhenhua for your help.

See my comments in-line.

//Sona

On 2016-08-22 08:04, Zhenhua Luo wrote:
>
>  
>
> Nessus scan reports a vulnerability in the FSL/NXP DPAA Linux Ethernet
> driver (on P2041, linux-qoriq-sdk/3.8-r11.1):
>
> */[Luo Zhenhua] May I know which SDK is used? There have been more
> than one SDK based on 3.8? /*
>
> */Has this scanner been run against a system running SDK 2.0?  Can it
> be? /*
>
[Sona] the SDK version is 1.5. Is it the same?
>
> */Which MAC type (dtsec or tgec) was this seen with?  Is there any
> information about specific packet data it saw?/*
>
>  
>
The customer is using dtesc.
>
>  
>
>
> I need to confirm that the FSL driver is handling padding properly,
> could you please help me with this?
>
> There seems to be no software padding, instead I assume the HW is
> doing the padding. Is this correct?
>
> */[Luo Zhenhua] Yes  /*
>
>  
>
> *//*
>
> */For DTSEC padding is enabled by MACCFG2[PAD/CRC] which is set in
> fman_dtsec_init(). /*
>
> */For TGEC the source code claims that it always pads, though from a
> quick search I couldn't find an explicit statement of that in the
> hardware documentation./*
>
>  
>
/Looking at code I see that this hardware padding is set but I don't
understand why our customer's Nessus scan report padding issue !! I will
check if this problem listed in the errata.
*
*/
The defaults are set in this function which is called from
fman/Peripherals/FM/MAC/dtsec.c: 

fman_dtsec_defconfig(p_DtsecDriverParam); 


void fman_dtsec_defconfig(struct dtsec_cfg *cfg) 
{ 
        cfg->halfdup_on = DEFAULT_HALFDUP_ON; 
        cfg->halfdup_retransmit = DEFAULT_HALFDUP_RETRANSMIT; 
        cfg->halfdup_coll_window = DEFAULT_HALFDUP_COLL_WINDOW; 
        cfg->halfdup_excess_defer = DEFAULT_HALFDUP_EXCESS_DEFER; 
        cfg->halfdup_no_backoff = DEFAULT_HALFDUP_NO_BACKOFF; 
        cfg->halfdup_bp_no_backoff = DEFAULT_HALFDUP_BP_NO_BACKOFF; 
        cfg->halfdup_alt_backoff_val = DEFAULT_HALFDUP_ALT_BACKOFF_VAL; 
        cfg->halfdup_alt_backoff_en = DEFAULT_HALFDUP_ALT_BACKOFF_EN; 
        cfg->rx_drop_bcast = DEFAULT_RX_DROP_BCAST; 
        cfg->rx_short_frm = DEFAULT_RX_SHORT_FRM; 
        cfg->rx_len_check = DEFAULT_RX_LEN_CHECK; 
        cfg->tx_pad_crc = DEFAULT_TX_PAD_CRC; <<<<<< 
        cfg->tx_crc = DEFAULT_TX_CRC;*//*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/meta-freescale/attachments/20160822/a557b9b2/attachment.html>

More information about the meta-freescale mailing list