Date:   Mon, 7 May 2018 13:19:36 +0300
From:   Damir Mansurov <dnman@...etlabs.ru>
To:     netdev@...r.kernel.org
Cc:     Konstantin Ushakov <kostik@...etlabs.ru>,
        "Alexandra N. Kossovsky" <Alexandra.Kossovsky@...etlabs.ru>,
        Andrey Dmitrov <andrey.dmitrov@...etlabs.ru>
Subject: The SO_BINDTODEVICE was set to the desired interface, but packets are
 received from all interfaces.


Greetings,

After a successful call of the setsockopt(SO_BINDTODEVICE) function to set 
data reception from only one interface, the data is still received from 
all interfaces. The setsockopt() function returns 0, but then recv() 
receives data from all available network interfaces.

The problem is reproducible on Linux kernels 4.14 - 4.16, but it is 
not on Linux kernels 4.4 and 4.13.

I have written C code to reproduce this issue (see attached files 
b2d_send.c and b2d_recv.c). See below for an explanation of the tested 
configuration.


         PC-1                              PC-2
  -------------------               -------------------
  | b2d_send        |               | b2d_recv        |
  |                 |               |                 |
  |           ------|               |------           |
  |          | eth0 |---------------| eth0 |          |
  |           ------|               |------           |
  |                 |               |                 |
  |           ------|               |------           |
  |          | eth1 |---------------| eth1 |          |
  |           ------|               |------           |
  |                 |               |                 |
  -------------------               -------------------

Steps:
1. Copy b2d_recv.c to PC-2, compile it ("gcc -o b2d_recv b2d_recv.c") 
and run "./b2d_recv eth0 23777" to get derived data only from the eth0 
interface. The port number in this example, 23777, is only a sample.

2. Copy b2d_send.c to PC-1, compile it ("gcc -o b2d_send b2d_send.c") 
and run "./b2d_send ip1 ip2 23777" where ip1 and ip2 are the IP addresses 
of interfaces eth0 and eth1 of PC-2.

3. Result:
- b2d_recv prints out data from eth0 and eth1 on Linux kernels from 4.14 
up to 4.16.
- b2d_recv prints out data from only eth0 on Linux kernels below 4.14.


******************
Thanks,
Damir Mansurov
dnman@...etlabs.ru

View attachment "b2d_recv.c" of type "text/x-csrc" (3108 bytes)

View attachment "b2d_send.c" of type "text/x-csrc" (2502 bytes)
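
An added example, not part of the original message and not the attached b2d_recv.c: a receiver that binds a UDP socket with SO_BINDTODEVICE and uses IP_PKTINFO to report the interface each datagram actually arrived on, so a host can be checked for the behaviour described above. It assumes IPv4 UDP and enough privilege to set SO_BINDTODEVICE (root or CAP_NET_RAW on the kernels discussed); the function names are this example's own.

```c
#define _GNU_SOURCE            /* exposes struct in_pktinfo in glibc */
#include <net/if.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Ingress ifindex from the IP_PKTINFO control message, or 0 if none is present. */
static unsigned pktinfo_ifindex(struct msghdr *msg)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof pi);
            return (unsigned)pi.ipi_ifindex;
        }
    return 0;
}

/* UDP socket on INADDR_ANY:port, bound to ifname, with IP_PKTINFO enabled. */
static int open_bound(const char *ifname, unsigned short port)
{
    int one = 1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    if (fd < 0) return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname) + 1) ||
        setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &one, sizeof one) ||
        bind(fd, (struct sockaddr *)&a, sizeof a)) { close(fd); return -1; }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s <ifname> <port>\n", argv[0]); return 2; }
    unsigned want = if_nametoindex(argv[1]);
    int fd = open_bound(argv[1], (unsigned short)atoi(argv[2]));
    if (!want || fd < 0) { perror("setup"); return 1; }
    for (;;) {
        char buf[2048], name[IF_NAMESIZE];
        _Alignas(struct cmsghdr) char ctl[CMSG_SPACE(sizeof(struct in_pktinfo))];
        struct iovec iov = { buf, sizeof buf };
        struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = ctl, .msg_controllen = sizeof ctl };
        if (recvmsg(fd, &m, 0) < 0) { perror("recvmsg"); return 1; }
        unsigned got = pktinfo_ifindex(&m);
        printf("datagram via %s%s\n", if_indextoname(got, name) ? name : "?",
               got == want ? "" : "  <-- not the bound device");
    }
}
```

Run it in place of the receiver in step 1; any line flagged as not the bound device shows the socket accepting traffic from an interface other than the one it was bound to.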
