lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 21 Sep 2016 00:13:43 +0300
From:   Cyrill Gorcunov <gorcunov@...il.com>
To:     David Ahern <dsa@...ulusnetworks.com>,
        Eric Dumazet <eric.dumazet@...il.com>
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        David Miller <davem@...emloft.net>, kuznet@....inr.ac.ru,
        jmorris@...ei.org, yoshfuji@...ux-ipv6.org, kaber@...sh.net,
        avagin@...nvz.org, stephen@...workplumber.org
Subject: Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On Fri, Sep 16, 2016 at 11:07:22PM +0300, Cyrill Gorcunov wrote:
> > It may well be a ss bug / problem. As I mentioned I am always seeing 255 for the protocol which
> 
> It is rather not addressed in ss. I mean, look, when we send out a diag packet
> the kernel look ups for a handler, which for raw protocol we register as
> 
> static const struct inet_diag_handler raw_diag_handler = {
> 	.dump= raw_diag_dump,
> 	.dump_one= raw_diag_dump_one,
> 	.idiag_get_info= raw_diag_get_info,
> 	.idiag_type= IPPROTO_RAW,
> 	.idiag_info_size= 0,
> #ifdef CONFIG_INET_DIAG_DESTROY
> 	.destroy= raw_diag_destroy,
> #endif
> };
> 
> so if we patch ss and ask for IPPROTO_ICMP in netlink packet the
> kernel simply won't find anything. Thus I think we need (well, I need)
> to extend the patch and register IPPROTO_ICMP diag type, then
> extend ss as well. (If only I didn't miss somethin obvious).
> 
> > is odd since ss does a dump and takes the matches and invokes the kill.
> > Thanks for taking the time to do the kill piece.

Sorry for delay in reply (I got flu unexpectedly). You know, it eventually
become uneasy to implement handling for sock-raw because they are special.
They described as ipproto-ip in net/ipv4/af_inet.c, so it matches any
protocol specified with the socket call. In turn inet-diag module handled
predefined protocols only, in particular IPPROTO_RAW in our case. Thus
to fecth some real protocol sitting in raw sockets hashes we need some
kind of additional argument passed in the request. I guess we may
use @idiag_ext field for this sake? Or require @idiag_ext to have
INET_DIAG_PROTOCOL bit set and then fetch real protocol from
additional attribute? Sounds ok?

	Cyrill

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ