| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Aug 2014 21:19:07 +0200 From: Daniel Borkmann <dborkman@...hat.com> To: Marcel Holtmann <marcel@...tmann.org> CC: Network Development <netdev@...r.kernel.org> Subject: Re: netlink_deliver_tap is broken On 08/11/2014 11:38 PM, Marcel Holtmann wrote: ... > the netlink tap functionality is not really usable. At least not from a nlmon perspective. It has three fundamental problems. > > a) Multicast netlink messages are not delivered to a registered tap when you do not have any member subscribed to the multicast group > > b) Multicast netlink messages are delivered multiple times when you have multiple clients subscribed to that multicast group. The rationale so far I had in mind was that the tap only gets messages that actually reach another socket/endpoint through netlink. Perhaps analogous to non-promisc mode ... I think otherwise it's quite hard to tell if a client actually got a message or not. E.g. it would for some reason screw up the subscribe, and you could not tell if the netlink skb actually landed validly in the receive queue. Perhaps we could make a difference in that behaviour when nlmon is put into promisc mode? > c) Unicast netlink messages are filtered out by the client socket filter meaning they never get to the tap Do you mean BPF filter on the packet socket? What filter program do you have attached and in what scenario? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists