| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Jul 2019 11:09:08 +0200
From: Michal Kubecek <mkubecek@...e.cz>
To: netdev@...r.kernel.org
Cc: Thomas Haller <thaller@...hat.com>,
"David S. Miller" <davem@...emloft.net>,
Johannes Berg <johannes@...solutions.net>,
David Ahern <dsahern@...il.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next v2 3/3] netlink: add validation of NLA_F_NESTED
flag
On Tue, Jul 23, 2019 at 10:57:54AM +0200, Thomas Haller wrote:
> Does this flag and strict validation really provide any value?
> Commonly a netlink message is a plain TLV blob, and the meaning
> depends entirely on the policy.
>
> What I mean is that for example
>
> NLA_PUT_U32 (msg, ATTR_IFINDEX, (uint32_t) ifindex)
> NLA_PUT_STRING (msg, ATTR_IFNAME, "net")
>
> results in a 4 bytes payload that does not encode whether the data is
> a number or a string.
>
> Why is it valuable in this case to encode additional type information
> inside the message, when it's commonly not done and also not
> necessary?
One big advantage of having nested attributes explicitly marked is that
it allows parsers not aware of the semantics to recognize nested
attributes and parse their inner structure.
This is very important e.g. for debugging purposes as without the flag,
wireshark can only recurse into nested attributes if it understands the
protocol and knows they are nested, otherwise it displays them only as
an opaque blob (which is what happens for most netlink based protocols).
Another example is mnl_nlmsg_fprintf() function from libmnl which is
also a valuable debugging aid but without NLA_F_NESTED flags it cannot
show message structure properly.
Michal Kubecek
Powered by blists - more mailing lists