lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 12 Aug 2014 21:19:07 +0200
From:	Daniel Borkmann <>
To:	Marcel Holtmann <>
CC:	Network Development <>
Subject: Re: netlink_deliver_tap is broken

On 08/11/2014 11:38 PM, Marcel Holtmann wrote:
> the netlink tap functionality is not really usable. At least not from a nlmon perspective. It has three fundamental problems.
> a) Multicast netlink messages are not delivered to a registered tap when you do not have any member subscribed to the multicast group
> b) Multicast netlink messages are delivered multiple times when you have multiple clients subscribed to that multicast group.

The rationale so far I had in mind was that the tap only gets messages
that actually reach another socket/endpoint through netlink. Perhaps
analogous to non-promisc mode ... I think otherwise it's quite hard to
tell if a client actually got a message or not. E.g. it would for some
reason screw up the subscribe, and you could not tell if the netlink
skb actually landed validly in the receive queue. Perhaps we could make
a difference in that behaviour when nlmon is put into promisc mode?

> c) Unicast netlink messages are filtered out by the client socket filter meaning they never get to the tap

Do you mean BPF filter on the packet socket? What filter program do you
have attached and in what scenario?
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists