| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Nov 2011 22:13:28 -0800 From: Maciej Żenczykowski <zenczykowski@...il.com> To: David Miller <davem@...emloft.net> Cc: Linux NetDev <netdev@...r.kernel.org>, MuraliRaja Muniraju <muralira@...gle.com>, Stephen Hemminger <shemminger@...tta.com>, Eric Dumazet <eric.dumazet@...il.com> Subject: Re: [PATCH] net-netlink: Add a new attribute to expose TCLASS values via netlink 2011/11/13 David Miller <davem@...emloft.net>: >>>> Yes, but an ipv6 socket is permitted to setsockopt SOL_IP in addition to SOL_IPV6. >>>> As such, one can simply setsockopt(ipv6_socket, SOL_IP, IP_TOS, value). >>> >>> That's my whole point, this operation isn't currently possible, the >>> socket ops for ipv4 setsockopt() aren't hooked up to ipv6 mapped >>> sockets in the kernel right now. >> >> http://lxr.linux.no/linux+v3.1/net/ipv6/ipv6_sockglue.c#L822 > > That definitely destroys the basis for all of my arguments :-) > > I'm going to add the TCLASS inet_diag patch, but can you find a cleaner > way to make sure that all types of sockets have the value initialized > to something sane? The one you posted wasn't... optimal :-) > > Thanks. I only realized just now that I had replied only to you and not to all. I hope you don't mind that I'm adding everyone back into the loop. (a) if we keep tos/tclass distinct. We should make sure to get this patch (and the as yet unwritten followup) into 3.2-final and not 3.3-rc1 (ie. net/master and not net-next/master). Since it does slightly change userspace visible API (thankfully, it was just added so it's not yet too late to change it). [FYI, I already see this patch in net/master - thanks!] As for the followup, I can see three ways to proceed. - The first involves figuring out what type of socket we're dealing with when we look at it (ie. something like the RFC patch I posted - I don't think it's going to be much prettier no matter what one does - there's simply a lot of complexity...) - The second involves keeping some sort of type-of-ip-socket field/bitmap (none, ipv4 only, ipv4/ipv6 dual stack, ipv6 only) directly in the socket. This is probably much harder to get right (changes all over the stack), but may have long term benefits??? - The third involves punting on the problem, we handle the simple cases in kernel and sometimes return excess information to userspace (ie. we take the RFC patch and strip out the address comparisons and error on the side of returning 'true') -> it's userspace's problem to sift through the excess garbage. (b) personally I would still prefer to just merge tos and tclass and get rid of the distinction... is this minor-but-userspace-visible-api change out of the question? - Maciej -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists