lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHmME9oCHNSNAVTNtxO2Oz10iqj_D8JPmN8526FbQ8UoO0-iHw@mail.gmail.com>
Date:   Fri, 26 Jun 2020 23:58:21 -0600
From:   "Jason A. Donenfeld" <Jason@...c4.com>
To:     Hans Wippel <ndev@...pl.net>
Cc:     WireGuard mailing list <wireguard@...ts.zx2c4.com>,
        Netdev <netdev@...r.kernel.org>
Subject: Re: wireguard: problem sending via libpcap's packet socket

Hi again Hans,

A few remarks: although gre implements header_ops, it looks like
various parts of the networking stack change behavior based on it. I'm
still analyzing that to understand the extent of the effects.
Something like <https://git.zx2c4.com/wireguard-linux/commit/?id=40c24fd379edc1668087111506ed3d0928052fe0>
would work, but I'm not thrilled by it. Further research is needed.

However, one thing I noticed is that other layer 3 tunnels don't seem
to be a fan of libpcap. For example, try injecting a packet into an
ipip interface. You'll hit exactly the same snag for skb->protocol==0.
So, if I do go the route of the first option -- adding a header_ops --
maybe I'll be inclined to make a shared l3_header_ops struct that can
be shared between things, and fix up all of these at once.

Alternatively, it might turn out to be that, because this is broken
for other layer 3 devices, it's meant to be broken here. But I hope
that won't be the conclusion.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ