| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 1 Dec 2014 07:48:44 -0800
From: Andy Lutomirski <luto@...capital.net>
To: Willem de Bruijn <willemb@...gle.com>
Cc: Network Development <netdev@...r.kernel.org>,
"David S. Miller" <davem@...emloft.net>,
Richard Cochran <richardcochran@...il.com>
Subject: Re: [PATCH net-next 2/3] net-timestamp: allow reading recv cmsg on
errqueue with origin tstamp
On Mon, Dec 1, 2014 at 7:41 AM, Willem de Bruijn <willemb@...gle.com> wrote:
>>> The recv cmsg interfaces are also relevant to the discussion of
>>> whether looping packet headers is problematic. For v6, cmsgs that
>>> identify many headers are already returned. This patch expands
>>> that to v4. If it sounds reasonable, I will follow with patches
>>>
>>> 1. request timestamps without payload with SOF_TIMESTAMPING_OPT_TSONLY
>>> (http://patchwork.ozlabs.org/patch/366967/)
>>> 2. sysctl to conditionally drop all timestamps that have payload or
>>> cmsg from users without CAP_NET_RAW.
>>> ---
>
>>> +SOF_TIMESTAMPING_OPT_CMSG:
>>> +
>>> + Support recv() cmsg for all timestamped packets. Control messages
>>> + are already supported unconditionally on all packets with receive
>>> + timestamps and on IPv6 packets with transmit timestamp. This option
>>> + extends them to IPv4 packets with transmit timestamp. One use case
>>> + is to correlate packets with their egress device, by enabling socket
>>> + option IP_PKTINFO simultaneously.
>>> +
>>
>> I haven't tested yet, but where in the code is the check for
>> IP_PKTINFO being requested? I may have missed it.
>
> See comment below
>
>>> diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
>>> index 59eba6c..640f26c 100644
>>> --- a/net/ipv4/ip_sockglue.c
>>> +++ b/net/ipv4/ip_sockglue.c
>>> @@ -399,6 +399,22 @@ void ip_local_error(struct sock *sk, int err, __be32 daddr, __be16 port, u32 inf
>>> kfree_skb(skb);
>>> }
>>>
>>> +static bool ipv4_pktinfo_prepare_errqueue(const struct sock *sk,
>>> + const struct sk_buff *skb,
>>> + int ee_origin)
>>> +{
>>> + struct in_pktinfo *info = PKTINFO_SKB_CB(skb);
>>> +
>>> + if ((ee_origin != SO_EE_ORIGIN_TIMESTAMPING) ||
>>> + (!(sk->sk_tsflags & SOF_TIMESTAMPING_OPT_CMSG)) ||
>>> + (!skb->dev))
>>> + return false;
>
> This function is called to decide whether to call ip_cmsg_recv when
> the origin is not SO_EE_ORIGIN_ICMP. For other origins, the pktinfo
> field is not initialized, so we initialize it here.
>
> The socket owner must still set socket option IP_PKTINFO to exercise
> the relevant code in ip_cmsg_recv:
>
> unsigned int flags = inet->cmsg_flags;
>
> if (flags & 1)
> ip_cmsg_recv_pktinfo(msg, skb);
>
> and
>
> net/ipv4/ip_sockglue.c:48:#define IP_CMSG_PKTINFO 1
>
Aha, got it. I'm really not very familiar with the network plumbing
-- I just use it from the userspace side and occasionally try to write
patches when something doesn't work :)
>
>>> +
>>> + info->ipi_spec_dst.s_addr = ip_hdr(skb)->saddr;
>>
>> Is this the source addr chosen by the initial routing decision when
>> the packet was sent, or is it the final source addr on the way out?
>> If the latter, is this an information leak when network namespaces are
>> in use?
>
> Not as long as the entire payload is looped back with the metadata,
> as it is currently. Note my suggested fix at the top: to give processes
> an option to request timestamps without either, and to give the
> administrator the option to drop all others.
So what happens to ipi_spec_dst if that admin option is set?
--Andy
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists