lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220824122058.1c46e09a@xps-13>
Date:   Wed, 24 Aug 2022 12:20:58 +0200
From:   Miquel Raynal <miquel.raynal@...tlin.com>
To:     Alexander Aring <aahringo@...hat.com>
Cc:     Alexander Aring <alex.aring@...il.com>,
        Stefan Schmidt <stefan@...enfreihafen.org>,
        linux-wpan - ML <linux-wpan@...r.kernel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Eric Dumazet <edumazet@...gle.com>,
        Network Development <netdev@...r.kernel.org>,
        David Girault <david.girault@...vo.com>,
        Romuald Despres <romuald.despres@...vo.com>,
        Frederic Blain <frederic.blain@...vo.com>,
        Nicolas Schodet <nico@...fr.eu.org>,
        Thomas Petazzoni <thomas.petazzoni@...tlin.com>
Subject: Re: [PATCH wpan-next 01/20] net: mac802154: Allow the creation of
 coordinator interfaces

Hi Alexander,

aahringo@...hat.com wrote on Tue, 23 Aug 2022 17:44:52 -0400:

> Hi,
> 
> On Tue, Aug 23, 2022 at 12:29 PM Miquel Raynal
> <miquel.raynal@...tlin.com> wrote:
> >
> > Hi Alexander,
> >
> > aahringo@...hat.com wrote on Tue, 23 Aug 2022 08:33:30 -0400:
> >  
> > > Hi,
> > >
> > > On Fri, Aug 19, 2022 at 1:11 PM Miquel Raynal <miquel.raynal@...tlin.com> wrote:  
> > > >
> > > > Hi Alexander,
> > > >
> > > > aahringo@...hat.com wrote on Tue, 5 Jul 2022 21:51:02 -0400:
> > > >  
> > > > > Hi,
> > > > >
> > > > > On Fri, Jul 1, 2022 at 10:36 AM Miquel Raynal <miquel.raynal@...tlin.com> wrote:  
> > > > > >
> > > > > > As a first strep in introducing proper PAN management and association,
> > > > > > we need to be able to create coordinator interfaces which might act as
> > > > > > coordinator or PAN coordinator.
> > > > > >
> > > > > > Hence, let's add the minimum support to allow the creation of these
> > > > > > interfaces. This might be restrained and improved later.
> > > > > >
> > > > > > Signed-off-by: Miquel Raynal <miquel.raynal@...tlin.com>
> > > > > > ---
> > > > > >  net/mac802154/iface.c | 14 ++++++++------
> > > > > >  net/mac802154/rx.c    |  2 +-
> > > > > >  2 files changed, 9 insertions(+), 7 deletions(-)
> > > > > >
> > > > > > diff --git a/net/mac802154/iface.c b/net/mac802154/iface.c
> > > > > > index 500ed1b81250..7ac0c5685d3f 100644
> > > > > > --- a/net/mac802154/iface.c
> > > > > > +++ b/net/mac802154/iface.c
> > > > > > @@ -273,13 +273,13 @@ ieee802154_check_concurrent_iface(struct ieee802154_sub_if_data *sdata,
> > > > > >                 if (nsdata != sdata && ieee802154_sdata_running(nsdata)) {
> > > > > >                         int ret;
> > > > > >
> > > > > > -                       /* TODO currently we don't support multiple node types
> > > > > > -                        * we need to run skb_clone at rx path. Check if there
> > > > > > -                        * exist really an use case if we need to support
> > > > > > -                        * multiple node types at the same time.
> > > > > > +                       /* TODO currently we don't support multiple node/coord
> > > > > > +                        * types we need to run skb_clone at rx path. Check if
> > > > > > +                        * there exist really an use case if we need to support
> > > > > > +                        * multiple node/coord types at the same time.
> > > > > >                          */
> > > > > > -                       if (wpan_dev->iftype == NL802154_IFTYPE_NODE &&
> > > > > > -                           nsdata->wpan_dev.iftype == NL802154_IFTYPE_NODE)
> > > > > > +                       if (wpan_dev->iftype != NL802154_IFTYPE_MONITOR &&
> > > > > > +                           nsdata->wpan_dev.iftype != NL802154_IFTYPE_MONITOR)
> > > > > >                                 return -EBUSY;
> > > > > >
> > > > > >                         /* check all phy mac sublayer settings are the same.
> > > > > > @@ -577,6 +577,7 @@ ieee802154_setup_sdata(struct ieee802154_sub_if_data *sdata,
> > > > > >         wpan_dev->short_addr = cpu_to_le16(IEEE802154_ADDR_BROADCAST);
> > > > > >
> > > > > >         switch (type) {
> > > > > > +       case NL802154_IFTYPE_COORD:
> > > > > >         case NL802154_IFTYPE_NODE:
> > > > > >                 ieee802154_be64_to_le64(&wpan_dev->extended_addr,
> > > > > >                                         sdata->dev->dev_addr);
> > > > > > @@ -636,6 +637,7 @@ ieee802154_if_add(struct ieee802154_local *local, const char *name,
> > > > > >         ieee802154_le64_to_be64(ndev->perm_addr,
> > > > > >                                 &local->hw.phy->perm_extended_addr);
> > > > > >         switch (type) {
> > > > > > +       case NL802154_IFTYPE_COORD:
> > > > > >         case NL802154_IFTYPE_NODE:
> > > > > >                 ndev->type = ARPHRD_IEEE802154;
> > > > > >                 if (ieee802154_is_valid_extended_unicast_addr(extended_addr)) {
> > > > > > diff --git a/net/mac802154/rx.c b/net/mac802154/rx.c
> > > > > > index b8ce84618a55..39459d8d787a 100644
> > > > > > --- a/net/mac802154/rx.c
> > > > > > +++ b/net/mac802154/rx.c
> > > > > > @@ -203,7 +203,7 @@ __ieee802154_rx_handle_packet(struct ieee802154_local *local,
> > > > > >         }
> > > > > >
> > > > > >         list_for_each_entry_rcu(sdata, &local->interfaces, list) {
> > > > > > -               if (sdata->wpan_dev.iftype != NL802154_IFTYPE_NODE)
> > > > > > +               if (sdata->wpan_dev.iftype == NL802154_IFTYPE_MONITOR)
> > > > > >                         continue;  
> > > > >
> > > > > I probably get why you are doing that, but first the overall design is
> > > > > working differently - means you should add an additional receive path
> > > > > for the special interface type.
> > > > >
> > > > > Also we "discovered" before that the receive path of node vs
> > > > > coordinator is different... Where is the different handling here? I
> > > > > don't see it, I see that NODE and COORD are the same now (because that
> > > > > is _currently_ everything else than monitor). This change is not
> > > > > enough and does "something" to handle in some way coordinator receive
> > > > > path but there are things missing.
> > > > >
> > > > > 1. Changing the address filters that it signals the transceiver it's
> > > > > acting as coordinator
> > > > > 2. We _should_ also have additional handling for whatever the
> > > > > additional handling what address filters are doing in mac802154
> > > > > _because_ there is hardware which doesn't have address filtering e.g.
> > > > > hwsim which depend that this is working in software like other
> > > > > transceiver hardware address filters.
> > > > >
> > > > > For the 2. one, I don't know if we do that even for NODE right or we
> > > > > just have the bare minimal support there... I don't assume that
> > > > > everything is working correctly here but what I want to see is a
> > > > > separate receive path for coordinators that people can send patches to
> > > > > fix it.  
> > > >
> > > > Yes, we do very little differently between the two modes, that's why I
> > > > took the easy way: just changing the condition. I really don't see what
> > > > I can currently add here, but I am fine changing the style to easily
> > > > show people where to add filters for such or such interface, but right
> > > > now both path will look very "identical", do we agree on that?  
> > >
> > > mostly yes, but there exists a difference and we should at least check
> > > if the node receive path violates the coordinator receive path and
> > > vice versa.
> > > Put it in a receive_path() function and then coord_receive_path(),
> > > node_receive_path() that calls the receive_path() and do the
> > > additional filtering for coordinators, etc.
> > >
> > > There should be a part in the standard about "third level filter rule
> > > if it's a coordinator".
> > > btw: this is because the address filter on the transceiver needs to
> > > have the "i am a coordinator" boolean set which is missing in this
> > > series. However it depends on the transceiver filtering level and the
> > > mac802154 receive path if we actually need to run such filtering or
> > > not.  
> >
> > I must be missing some information because I can't find any places
> > where what you suggest is described in the spec.
> >
> > I agree there are multiple filtering level so let's go through them one
> > by one (6.7.2 Reception and rejection):
> > - first level: is the checksum (FCS) valid?
> >         yes -> goto second level
> >         no -> drop
> > - second level: are we in promiscuous mode?
> >         yes -> forward to upper layers
> >         no -> goto second level (bis)
> > - second level (bis): are we scanning?
> >         yes -> goto scan filtering
> >         no -> goto third level
> > - scan filtering: is it a beacon?
> >         yes -> process the beacon
> >         no -> drop
> > - third level: is the frame valid? (type, source, destination, pan id,
> >   etc)
> >         yes -> forward to upper layers
> >         no -> drop

Actually right now the second level is not enforced, and all the
filtering levels are a bit fuzzy and spread everywhere in rx.c.

I'm gonna see if I can at least clarify all of that and only make
coord-dependent the right section because right now a
ieee802154_coord_rx() path in ieee802154_rx_handle_packet() does not
really make sense given that the level 3 filtering rules are mostly
enforced in ieee802154_subif_frame().

Thanks,
Miquèl

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ