lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <5f00a1f4-6b51-4a72-979d-f8ee182edb67@student.hpi.de>
Date: Mon, 19 Feb 2024 13:05:46 +0100
From: Antonio Dimeo <antonio.dimeo@...dent.hpi.de>
To: <netdev@...r.kernel.org>
Subject: ematch random/qdisc ingress handles bugs

Dear all,

In the past weeks I've worked with tc on some occasions, and in the 
process I have encountered two issues which I believe may be bugs.

The iproute2 maintainer directed me here for reporting, and I do hope 
that my descriptions are helpful.
All of these behaviors were observed on a 22.04 Ubuntu, I'm uncertain to 
which tc version that maps.



First, the basic filter with ematch expressions.
The man page for tc-ematch includes a "random" attribute, described in 
the man page as a 32 bit random value, which can be compared with e.g. a 
given value, which is truncated to 32 bits. However, in my testing a 
term like

basic match "meta( random lt {boundary} ) "

let to all packets being denied, while using gt as a comparator accepted 
all packets. The filter works as expected when the random is masked 
first. A colleague who supported me in debugging the issue mentioned 
that it appeared to him that random generated 64 bits of random instead 
of the documented 32, which would explain this behavior, but due to 
other obligations I've been unable to dig deeper myself.
This effectively leads to "random" not being random, unless explicitly 
combined with a mask.


Second, I believe that ingress qdiscs may not respect assigned handles. 
I'm using code like this:

tc qdisc add dev enp0s3 handle fffa: ingress
tc qdisc show

Which results in output containing

qdisc ingress ffff: dev enp0s3 parent ffff:fff1 -----------


Until observing this behavior I would have expected the ingress qdisc to 
have the fffa handle, since I haven't seen any mention of it defaulting 
to ffff in what appeared to be the relevant man pages. However, I'm 
still not confident in my understanding of tc, so this behavior may be 
caused by user error instead.

All the best
Antonio Dimeo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ