lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1409650402.1808.8.camel@jlt4.sipsolutions.net>
Date:	Tue, 02 Sep 2014 11:33:22 +0200
From:	Johannes Berg <johannes@...solutions.net>
To:	Julian Anastasov <ja@....bg>
Cc:	David Miller <davem@...emloft.net>, linux-wireless@...r.kernel.org,
	netdev@...r.kernel.org
Subject: Re: [RFC] net: ipv4: drop unicast encapsulated in L2 multicast

On Wed, 2014-08-27 at 17:31 +0300, Julian Anastasov wrote:

> > All IP protocols, this comes either from the IPv4 RFC (1122) or from the
> > wireless issue which affects all protocols.
> 
> 	I did a grep for inet_add_protocol, in case if
> we prefer to use per-protocol checks:
> 
> Protocols that look ok to me: TCP, SCTP, DCCP
> 
> ICMP: missing check in icmp_rcv
> UDP, UDPLITE: need check in __udp4_lib_rcv
> IGMP: uses only multicast address?
> PIM: not sure if __pim_rcv() needs check, before skb_tunnel_rx()
> 	changes pkt_type?
> 
> More protocols are also registered with inet_add_protocol(), I don't
> see pkt_type checks there, mostly tunnels:
> - IPPROTO_GRE
> - IPPROTO_L2TP
> - IPPROTO_IPIP
> - IPPROTO_IPV6 (tunnel64_rcv)
> 
> 	If going to use a global check I hope there are
> no protocols that require exception to this rule.

Yeah that's the big question. Are you saying that TCP already implements
this? But I guess for TCP it's least interesting in a sense? Not really
sure.

I'd feel better implementing it at the IP level though, since it's a
fairly low-level requirement and also RFC 1122 is on the IP level
(obviously)

johannes


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ