| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Jan 2023 11:54:21 +0100
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org
Cc: davem@...emloft.net, netdev@...r.kernel.org, kuba@...nel.org,
pabeni@...hat.com, edumazet@...gle.com
Subject: Re: [PATCH net] uapi: linux: restore IPPROTO_MAX to 256
On Wed, Jan 11, 2023 at 10:47:19PM +0100, Pablo Neira Ayuso wrote:
> IPPROTO_MAX used to be 256, but with the introduction of IPPROTO_MPTCP
> definition, IPPROTO_MAX was bumped to 263.
>
> IPPROTO_MPTCP definition is used for the socket interface from
> userspace. It is never used in the layer 4 protocol field of
> IP headers.
>
> IPPROTO_* definitions are used anywhere in the kernel as well as in
> userspace to set the layer 4 protocol field in IP headers.
>
> At least in Netfilter, there is code in userspace that relies on
> IPPROTO_MAX (not inclusive) to check for the maximum layer 4 protocol.
>
> This patch restores IPPROTO_MAX to 256.
>
> Fixes: faf391c3826c ("tcp: Define IPPROTO_MPTCP")
> Signed-off-by: Pablo Neira Ayuso <pablo@...filter.org>
> ---
> Alternatively, I can also define an internal __IPPROTO_MAX to 256 in
> userspace. I understand an update on uapi at this stage might be
> complicated. Another possibility is to add a new definition
> IPPROTO_FIELD_MAX to uapi and set it to 256 that userspace could start
> using.
Scratch this.
This breaks inet_create() and inet6_create() which is going to break
MP-TCP with socket().
I'll post a v2 adding a new IPPROTO_FIELD_MAX definition 256.
Powered by blists - more mailing lists