lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1180676187.5956.52.camel@localhost>
Date:	Fri, 01 Jun 2007 15:36:27 +1000
From:	Mick McCreath <mick_mccreath@...securecomputing.com>
To:	netdev@...r.kernel.org
Subject: raw sockets ignore IP_HDRINCL data

Hi,

I have a multi-homed system like this:

eth1: 1.2.3.4 GW: 1.2.3.1
eth2: 2.3.4.5 GW: 2.3.4.1

route ouput snippet is:

default 2.3.4.1 0.0.0.0 UG 3 0 0 eth2
default 1.2.3.1 0.0.0.0 UG 4 0 0 eth1
default 2.3.4.1 0.0.0.0 UG 4 0 0 eth2

When I run traceroute -i eth1 5.4.3.2, the UDP packets are routed out
eth2.

Has anybody seen this behaviour with traceroute??

I have done some debugging, and believe this to be an ipv4 kernel bug.
My research came up with the following:

By the traceroute source code, it uses raw sockets and relies on
IP_HDRINCL (which is defined in the kernel source <netinet/in.h>) to
select the routing interface and does not bind the socket to the source
IP address.

I hacked the traceroute source code to do a bind if the -i option is used,
and the correct GW is used.

I am using a 2.4.29 kernel and have traced through the kernel and
in .../net/ipv4/raw.c, raw_sendmsg() does not read the data to get the
IP header and the source address, which then results in a 0.0.0.0 source
address and hence the routing, ip_route_output(), pulls the default
gateway with the lowest metric, in this case eth2.

I have also used a 2.6.21 kernel and similiar behaviour happens. The
2.6.21 kernel source code does not read the IP header from the data
either.

Am I reading/interpreting the source code correctly?

Any other suggestions/more information would be great.

Cheers,

Mick

-- 
--
Mick McCreath
Sr Engineer

Secure Computing®
your trusted source for enterprise security™
www.securecomputing.com
NASDAQ: SCUR

61 7 3435 2803 (Direct Phone)
mick_mccreath@...urecomputing.com

Secure Computing Corporation
825 Stanley Street
Woolloongabba
Queensland 4102
Australia

The information contained in this email message may be privileged,
confidential and protected from disclosure. If you are not the intended
recipient, any review, dissemination, distribution or copying is
strictly prohibited. If you have received this email message in error,
please notify the sender by reply email and delete the message and any
attachments.

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ