Open Source and information security mailing list archives
 
Message-ID: <ygflk5opzhb.fsf@janus.isnogud.escape.de>
Date:	13 Feb 2008 17:56:00 +0100
From:	Urs Thuermann <urs@...ogud.escape.de>
To:	David Miller <davem@...emloft.net>
Cc:	netdev@...r.kernel.org
Subject: Re: [RFC, PATCH]: Pass link level header from/to PPP interface

Hello Dave,

> But if libpcap and tcpdump can already identify PPP packets
> then, besides "consistency", what does this buy us other
> than potential breakage?

My reason for the patch is mostly cleanliness and to make the kernel
match what is described in packet(7).

If you open a PF_PACKET/SOCK_RAW socket and bind it to an interface
you get a fixed type of frame/packet depending on the type of
interface, including the LL header.  Also if you bind to all
interfaces you can look at the interface type to know what type of
packet you get.  But not for PPP interfaces.

I've written a small packet dump util with a packet parser (somewhat
comparable to tcpdump but much smaller), which looks like this

        struct sockaddr_ll addr;
        ...
        /* raw packet socket: frames arrive with their link-level header */
        s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
        ...
        recvfrom(s, buffer, sizeof(buffer), 0, (struct sockaddr *)&addr, &size);
        /* dispatch on the hardware type of the receiving interface */
        switch (addr.sll_hatype) {
        case ARPHRD_ETHER:
        case ARPHRD_IEEE80211:
        case ARPHRD_LOOPBACK:
                parse_ether(buffer);
                break;
        case ARPHRD_TUNNEL:
                parse_ip(buffer);
                break;
        case ARPHRD_SIT:
                parse_ipv6(buffer);
                break;

and so on.  Only for PPP I need to switch on the addr.sll_protocol
since with PPP I don't get the PPP header:

        case ARPHRD_PPP:
                /* no PPP header in the buffer: use the protocol from the address */
                switch (ntohs(addr.sll_protocol)) {
                case ETH_P_IP:
                        parse_ip(buffer);
                        break;
                case ETH_P_IPV6:
                        parse_ipv6(buffer);
                        break;
                ...
                }
                break;

With my patch you would write

        case ARPHRD_PPP:
                parse_ppp(buffer);
                break;

and the parse function can show the complete PPP frame with protocol
field.  Without the patch there is no way to see the 2-byte PPP header
and, in contrast to packet(7), SOCK_DGRAM and SOCK_RAW are the same.

Do you consider this strong enough to justify this change?

urs
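
An added example, not code from the original message or its patch: one way a bounds-checked parse_ppp() could read the 2-byte PPP protocol field discussed above. It assumes the buffer starts with an uncompressed protocol field in network byte order; the signature, struct ppp_frame and enum ppp_kind are hypothetical names, and the protocol numbers and validity rule are from RFC 1661.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PPP_PROTO_IP   0x0021   /* IPv4 datagram */
#define PPP_PROTO_IPV6 0x0057   /* IPv6 datagram */

enum ppp_kind { PPP_BAD = -1, PPP_OTHER, PPP_IP, PPP_IPV6, PPP_CONTROL };

/* Hypothetical result type: protocol field plus a view of the payload. */
struct ppp_frame {
        uint16_t proto;
        const unsigned char *payload;
        size_t payload_len;
};

/* Classify one frame; the caller passes the length returned by recvfrom(). */
enum ppp_kind parse_ppp(const unsigned char *buf, size_t len,
                        struct ppp_frame *f)
{
        if (buf == NULL || f == NULL || len < 2)
                return PPP_BAD;         /* truncated: no room for the header */
        /* RFC 1661: high octet must be even, low octet must be odd */
        if ((buf[0] & 1) != 0 || (buf[1] & 1) == 0)
                return PPP_BAD;
        f->proto = (uint16_t)((buf[0] << 8) | buf[1]);
        f->payload = buf + 2;
        f->payload_len = len - 2;
        if (f->proto >= 0x8000)         /* NCPs (8xxx-bxxx), LCP/auth (cxxx-fxxx) */
                return PPP_CONTROL;
        switch (f->proto) {
        case PPP_PROTO_IP:   return PPP_IP;
        case PPP_PROTO_IPV6: return PPP_IPV6;
        default:             return PPP_OTHER;
        }
}

int main(void)
{
        /* constructed sample: protocol 0x0021 followed by two payload bytes */
        const unsigned char sample[] = { 0x00, 0x21, 0x45, 0x00 };
        struct ppp_frame f;
        enum ppp_kind k = parse_ppp(sample, sizeof(sample), &f);

        if (k != PPP_BAD)
                printf("kind=%d proto=0x%04x payload=%zu bytes\n",
                       k, (unsigned)f.proto, f.payload_len);
        return 0;
}
```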