lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 20 Dec 2023 11:30:20 +0000
From: Lena Wang (王娜) <Lena.Wang@...iatek.com>
To: "davem@...emloft.net" <davem@...emloft.net>, "dsahern@...nel.org"
	<dsahern@...nel.org>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	Shiming Cheng (成诗明) <Shiming.Cheng@...iatek.com>
Subject: Inet raw socket IPV4 has IPv4 header but IPv6 does not

Dear davem & dsahern,
When using inet raw socket, I found that ipv4 and ipv6 are inconsistent
that IPv4 has an IP header but IPv6 does not have. we would like to
report this issue and want to know if ipv6 should be modified to keep
IP header same as ipv4 design.


Issue reported: shiming.cheng@...iatek.com

In inet raw socket, app can get payload and the ip header in user
space, we can see in function raw_rcv that skb->data points to the ip
header with skb_push.
In inet6 raw socket, app can only get payload without ipv6 header in
user space, we can see in function rawv6_rcv that skb->data points to
the icmpv6 header without skb_push.
 
***********************************************************************
IPV4
In inet ipv4 raw socket, app can get payload and the ip header in user
space, we can see in function raw_rcv that skb->data points to the ip
header with skb_push.
int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
Ping icmp Ipv4 with iphdr:
4500540000321e8348888aaa85bb0059ed02289c4a2c81650000eff4000001011121314
15161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363
4500540000321e8348888aaa85bb00a7dd02289d4b2c81650000a01e400000101112131
415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637

int raw_rcv(struct sock *sk, struct sk_buff *skb)
{
...
       nf_reset_ct(skb);
 
       skb_push(skb, skb->data - skb_network_header(skb));
 
       raw_rcv_skb(sk, skb);
       return 0;
}

***********************************************************************
IPV6:
In inet6 raw socket, app can only get payload without ipv6 header in
user space, we can see in function rawv6_rcv that skb->data points to
the icmpv6 header without skb_push.
int sockfd = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
The below data is icmpv6 RA monitored by rawsocket and it doesn't have
iphdr:
86004904FF000708000000000000000001010000000000...

int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
{
... 
    if (inet->hdrincl) {
           if (skb_checksum_complete(skb)) {
                  atomic_inc(&sk->sk_drops);
                  kfree_skb(skb);
                  return NET_RX_DROP;
           }
    }
+   // ipv6 skb->data should be pointed to ipv6 header just like ipv4.
+   skb_push(skb, skb->data - skb_network_header(skb)); 
    rawv6_rcv_skb(sk, skb);
    return 0;
}


Thanks
Lena

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ