| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <29fea23839cf489488f9228a44e79d21@AcuMS.aculab.com> Date: Mon, 23 Sep 2024 15:45:27 +0000 From: David Laight <David.Laight@...LAB.COM> To: 'Jakub Sitnicki' <jakub@...udflare.com>, Martin KaFai Lau <martin.lau@...ux.dev>, 'Tiago Lam' <tiagolam@...udflare.com>, Eric Dumazet <edumazet@...gle.com>, Willem de Bruijn <willemdebruijn.kernel@...il.com> CC: "David S. Miller" <davem@...emloft.net>, David Ahern <dsahern@...nel.org>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, "Alexei Starovoitov" <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, "Andrii Nakryiko" <andrii@...nel.org>, Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>, Yonghong Song <yonghong.song@...ux.dev>, John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>, Mykola Lysenko <mykolal@...com>, Shuah Khan <shuah@...nel.org>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "bpf@...r.kernel.org" <bpf@...r.kernel.org>, "linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>, "kernel-team@...udflare.com" <kernel-team@...udflare.com> Subject: RE: [RFC PATCH v2 2/3] ipv6: Support setting src port in sendmsg(). From: Jakub Sitnicki > Sent: 23 September 2024 15:56 > > On Mon, Sep 23, 2024 at 01:08 PM GMT, David Laight wrote: > > From: Tiago Lam <tiagolam@...udflare.com> > > [...] > > >> To limit its usage, a reverse socket lookup is performed to check if the > >> configured egress source address and/or port have any ingress sk_lookup > >> match. If it does, traffic is allowed to proceed, otherwise it falls > >> back to the regular egress path. > > > > Is that really useful/necessary? > > We've been asking ourselves the same question during Plumbers with > Martin. > > Unprivileges processes can already source UDP traffic from (almost) any > IP & port by binding a socket to the desired source port and passing > IP_PKTINFO. So perhaps having a reverse socket lookup is an overkill. Traditionally you'd need to bind to the source port on any local IP (or the wildcard IP) that didn't have another socket bound to that port. Modern Linux might have more restrictions and SO_REUSADDR muddies things. And I don't think you can do a connect() on an unbound UDP socket to set the source port at the same time as the destination IP+port. (That would actually be useful.) OTOH if you just want to send a UDP message you can just use another system on the same network. You might need to spoof the source mac - but that isn't hard (although it might confuse any ethernet switches). > We should probably respect net.ipv4.ip_local_reserved_ports and > net.ipv4.ip_unprivileged_port_start system settings, though, or check > for relevant caps. True. > Open question if it is acceptable to disregard exclusive UDP port > ownership by sockets binding to a wildcard address without SO_REUSEADDR? We've often suffered from the opposite - a program binds to the wildcard IP and everything works until something else binds to the same port and a specific local IP. I'm sure this is grief some on both TCP and UDP - especially since you often need to set SO_REUSADDR to stop other things breaking. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
Powered by blists - more mailing lists