Date:   Sun, 16 Dec 2018 17:30:59 +0100
From:   Guillaume Nault <g.nault@...halink.fr>
To:     Sam Protsenko <semen.protsenko@...aro.org>
Cc:     James Chapman <jchapman@...alix.com>,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] l2tp: Add Protocol field compression

On Fri, Dec 14, 2018 at 11:12:42PM +0200, Sam Protsenko wrote:
> When Protocol Field Compression (PFC) is enabled, the "Protocol" field
> in PPP packet should be transmitted without leading 0x00. See section
> 6.5 in RFC 1661 for details. Let's compress protocol field if needed,
> the same way it's done in drivers/net/ppp/pptp.c.
> 
> To actually enable PFC, one should issue corresponding ioctl to L2TP
> driver from user-space, like this:
> 
>     ioctl(fd, PPPIOCGFLAGS, &flags);
>     flags |= SC_COMP_PROT;
>     ioctl(fd, PPPIOCSFLAGS, &flags);
> 
> It can be done e.g. from pppol2tp plugin (pppd), when pcomp option was
> negotiated with peer.
> 
> Of course, we don't compress Protocol field when sending LCP packets. As
> stated in RFC 1661, section 6.5:
> 
>     The Protocol field is never compressed when sending any LCP
>     packet.  This rule guarantees unambiguous recognition of LCP
>     packets.
> 
Again, I'm sorry, but I must oppose this change. Although I'm lacking
time to keep sanitising L2TP, at least I'd like to avoid making the
situation worse.

L2TP's uapi is already messy enough. Please don't add non-L2TP features
there.

Activating PFC should be done on PPP file descriptors, not on L2TP
sockets. We certainly don't want L2TP to snoop on PPP data, much less
modify them.
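
For reference, the framing rule that the quoted commit message cites from RFC 1661 section 6.5, written out as an added user-space example; it is not part of this message or of the proposed patch, and it takes no position on which layer should do the compression. The function names and the sample value in `main` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PPP_IP  0x0021u   /* IPv4: high octet is 0x00, so it can be compressed */
#define PPP_LCP 0xc021u   /* LCP: always sent with the full two-octet field */

/* Encode the Protocol field. Returns octets written (1 or 2), 0 if proto is invalid. */
size_t ppp_put_proto(uint8_t *out, uint16_t proto, int pfc)
{
    /* RFC 1661 section 2: the low octet is odd and the high octet is even. */
    if (!(proto & 0x0001) || (proto & 0x0100))
        return 0;
    /* Section 6.5: drop the leading 0x00 only when PFC is on, and never for LCP. */
    if (pfc && proto != PPP_LCP && (proto >> 8) == 0) {
        out[0] = (uint8_t)proto;
        return 1;
    }
    out[0] = (uint8_t)(proto >> 8);
    out[1] = (uint8_t)(proto & 0xff);
    return 2;
}

/* Decode either form. Returns octets consumed, 0 on truncated or malformed input. */
size_t ppp_get_proto(const uint8_t *in, size_t len, uint16_t *proto)
{
    if (len < 1)
        return 0;
    if (in[0] & 0x01) {             /* odd first octet: compressed one-octet form */
        *proto = in[0];
        return 1;
    }
    if (len < 2 || !(in[1] & 0x01)) /* full form needs a second, odd octet */
        return 0;
    *proto = (uint16_t)((in[0] << 8) | in[1]);
    return 2;
}

int main(void)
{
    uint8_t buf[2];
    uint16_t p = 0;
    size_t n = ppp_put_proto(buf, PPP_IP, 1);   /* constructed sample input */
    size_t m = ppp_get_proto(buf, n, &p);
    printf("IPv4 with PFC: %zu octet(s) sent, parsed 0x%04x, %zu consumed\n",
           n, (unsigned)p, m);
    return 0;
}
```

The decoder tells the two forms apart by the parity of the first octet alone, which is why the encoder rejects protocol numbers that break the odd/even rule.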
