| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1331521833.2449.32.camel@edumazet-laptop>
Date: Sun, 11 Mar 2012 20:10:33 -0700
From: Eric Dumazet <eric.dumazet@...il.com>
To: Tom Herbert <therbert@...gle.com>
Cc: davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH] net: Provide SYN packet for passive connections
Le dimanche 11 mars 2012 à 19:48 -0700, Tom Herbert a écrit :
> This patch allows a server application to get the TCP SYN packets for
> its passive connections. This is useful if the server is doing
> fingerprinting of clients based on SYN packet contents.
>
> Two socket options are added: TCP_SAVE_SYN and TCP_SAVED_SYN. The
> first is used on a listener socket to enable saving the SYN packets
> for child connections. The latter is used to retrieve the SYN for
> and accepted connection. TCP_SAVED_SYN is read once, it frees the
> saved SYN packet.
>
> The data returned TCP_SAVED_SYN is the IP header (v4 or v6) through
> the TCP header.
>
> Signed-off-by: Tom Herbert <therbert@...gle.com>
> ---
> include/linux/tcp.h | 2 ++
> include/net/inet_connection_sock.h | 31 +++++++++++++++++++++++++++++++
> include/net/request_sock.h | 6 +++++-
> net/ipv4/inet_connection_sock.c | 2 ++
> net/ipv4/tcp.c | 32 ++++++++++++++++++++++++++++++++
> net/ipv4/tcp_ipv4.c | 2 ++
> net/ipv4/tcp_minisocks.c | 2 ++
> net/ipv6/tcp_ipv6.c | 2 ++
> 8 files changed, 78 insertions(+), 1 deletions(-)
>
...
> tp->linger2 = -1;
> @@ -2632,6 +2639,31 @@ static int do_tcp_getsockopt(struct sock *sk, int level,
> case TCP_USER_TIMEOUT:
> val = jiffies_to_msecs(icsk->icsk_user_timeout);
> break;
> + case TCP_SAVE_SYN:
> + val = icsk->icsk_save_syn;
> + break;
> + case TCP_SAVED_SYN: {
> + if (get_user(len, optlen))
> + return -EFAULT;
> +
> + if (icsk->icsk_saved_syn) {
> + struct sk_buff *skb = icsk->icsk_saved_syn;
> + void *b = skb_network_header(skb);
> + void *e = (void *)tcp_hdr(skb) + tcp_hdrlen(skb);
> +
> + len = min_t(unsigned int, e - b, len);
> + if (put_user(len, optlen))
> + return -EFAULT;
> + if (copy_to_user(optval, b, len))
> + return -EFAULT;
> + inet_csk_free_syn(sk);
> + } else {
I am concerned by the fact that socket might be not locked here, so this
code is racy if two threads happen to call this at the same time.
Or maybe its locked and I am too lazy ? :)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists