lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <53CD275A.2090102@ng4t.com>
Date:	Mon, 21 Jul 2014 16:44:42 +0200
From:	Mihail Dakov <mihail.dakov@...t.com>
To:	Daniel Borkmann <dborkman@...hat.com>
CC:	netdev@...r.kernel.org
Subject: Fwd: Re: AF_PACKET: tx_ring mirrored in rx_ring?




Thank you for fast reply.

On 07/21/2014 03:51 PM, Daniel Borkmann wrote:
> On 07/21/2014 03:18 PM, Mihail Dakov wrote:
>> Hello guys,
>>
>> I am having a trouble using the RX/TX ring buffer for AF_PACKET
>> sockets. I create two sockets (one for rx, one for tx). I bind those
>> sockets to the same interface. According the docs you can create a
>> socket per direction or single socket for both directions (allocating
>> double the memory needed for a ring buffer, and then mapping first rx
>> and then tx buffer). In this case I opted for creating two sockets,
>> one per direction. The problem is that when I use the tx_ring to send
>> over the pf_socket I see those message "mirrored" in the rx_ring
>> buffer which is not an expected behavior for my application. In other
>> to reproduce the issue I simplified my application into a smaller
>> one. Then I send a manually created ping message with adjusted mac
>> and ip address so that a remote machine in my local network answers
>> it. I successfully see the ping request double (once in the tx_ring
>> and once in the rx_ring). Which I think is not expected behavior.
>> This application was tested on kernel
>> 3.14.12-1 and was compiled with gcc (Debian 4.8.3-5) and on kernel
>> 3.2.0-52-lowlatency with compiler gcc (Ubuntu/Linaro 4.6.3-1ubuntu5)
>> 4.6.3.
>>
>> So some questions have arised:
>>
>> 1. Is this normal behavior? If it is, why? I mean, if I use a socket
>> per direction I expect to see only packets for that direction on the
>> correspondent socket, right?
>> 2. Could you provide some more insights about why this "problem" is
>> happening? Am I doing it wrong? Did I get it wrong (the whole ring
>> buffer in af_packets)? Am I using wrong settings?
>>
>> I have attached the simple program which should reproduce the issue.
>
> It's expected behaviour (and actually also RX/TX ring independant).
> Currently, when calling dev_hard_start_xmit() the kernel tries to push
> local traffic back via dev_queue_xmit_nit() iff a packet socket is
> present for that protocol, or for any kind of traffic for monitoring
> purposes.
What'd you mean by local traffic? The packets which are replicated are
destined to remote machine(s).

> skbs are not particularly marked for differentiating outgoing
> traffic from normal protocols and from packet sockets. Even having 1
> socket for RX/TX wouldn't work with your scenario as at some point in
> time you need to bind to a protocol as well and we install dev_add_pack()
> there, too. BPF might help in some situations, but still with a
> performance penalty. You could use PACKET_QDISC_BYPASS to solve that
This works on kernel 3.14.12 which isn't suitable for the program as
target machine(s) provide 3.2 kernel (where no PACKET_QDISC_BYPASS flag
exists). So I guess I have to adjust my app for the
replicated packets in the rx_ring.


> issue if your scenario allows for that, as here dev_queue_xmit_nit()
> won't be called, and thus you won't mirror back.



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ