lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 25 Jan 2021 17:02:07 +0100
From:   Paolo Abeni <pabeni@...hat.com>
To:     netdev@...r.kernel.org
Cc:     "Rantala, Tommi T. (Nokia - FI/Espoo)" <tommi.t.rantala@...ia.com>,
        "dsahern @ kernel . org" <dsahern@...nel.org>
Subject: [PATCH iproute2] ss: do not emit warn while dumping MPTCP on old kernels

Prior to this commit, running 'ss' on a kernel older than v5.9
bumps an error message:

RTNETLINK answers: Invalid argument

When asked to dump protocol number > 255 - that is: MPTCP - 'ss'
adds an INET_DIAG_REQ_PROTOCOL attribute, unsupported by the older
kernel.

Avoid the warning ignoring filter issues when INET_DIAG_REQ_PROTOCOL
is used.

Additionally older kernel end-up invoking tcpdiag_send(), which
in turn will try to dump DCCP socks. Bail early in such function,
as the kernel does not implement an MPTCPDIAG_GET request.

Reported-by: "Rantala, Tommi T. (Nokia - FI/Espoo)" <tommi.t.rantala@...ia.com>
Fixes: 9c3be2c0eee0 ("ss: mptcp: add msk diag interface support")
Signed-off-by: Paolo Abeni <pabeni@...hat.com>
---
 misc/ss.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/misc/ss.c b/misc/ss.c
index 0593627b..ad46f9db 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -3404,7 +3404,7 @@ static int tcpdiag_send(int fd, int protocol, struct filter *f)
 	struct iovec iov[3];
 	int iovlen = 1;
 
-	if (protocol == IPPROTO_UDP)
+	if (protocol == IPPROTO_UDP || protocol == IPPROTO_MPTCP)
 		return -1;
 
 	if (protocol == IPPROTO_TCP)
@@ -3623,6 +3623,14 @@ static int inet_show_netlink(struct filter *f, FILE *dump_fp, int protocol)
 	if (preferred_family == PF_INET6)
 		family = PF_INET6;
 
+	/* extended protocol will use INET_DIAG_REQ_PROTOCOL,
+	 * not supported by older kernels. On such kernel
+	 * rtnl_dump will bail with rtnl_dump_error().
+	 * Suppress the error to avoid confusing the user
+	 */
+	if (protocol > 255)
+		rth.flags |= RTNL_HANDLE_F_SUPPRESS_NLERR;
+
 again:
 	if ((err = sockdiag_send(family, rth.fd, protocol, f)))
 		goto Exit;
-- 
2.26.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ