Message-ID: <6653547768757_23ef3529455@willemb.c.googlers.com.notmuch>
Date: Sun, 26 May 2024 11:25:43 -0400
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: alexandre.ferrieux@...nge.com, 
 Willem de Bruijn <willemdebruijn.kernel@...il.com>, 
 Chengen Du <chengen.du@...onical.com>
Cc: davem@...emloft.net, 
 edumazet@...gle.com, 
 kuba@...nel.org, 
 pabeni@...hat.com, 
 netdev@...r.kernel.org, 
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] af_packet: Handle outgoing VLAN packets without hardware
 offloading

alexandre.ferrieux@ wrote:
> On 25/05/2024 17:51, Willem de Bruijn wrote:
> > 
> > First, we need to even understand better why anything is using
> > SOCK_DGRAM when access to L2.5 headers is important, and whether the
> > process can convert to using SOCK_RAW instead.
> 
> For libpcap, it seems to be linked to the fact that the "any" device can 
> aggregate links with varied L2 header sizes, which in turn complicates filtering 
> (see Guy Harris' comment on this [1]).
> 
> Given that 99% of useful traffic is Ethernet, such considerations look awkward 
> now. I for one would love to see an "any2" based on SOCK_RAW. And while you're 
> at it, please let the new variant of SLL contain the full Ethernet header at the 
> end, so that a simple offset gives access to the whole linear wire image...

Complicating factors are loopback and tunnel devices, which are
common. Loopback (ARPHRD_LOOPBACK) is pseudo Ethernet. Libpcap does
convert this to DLT_EN10MB. But it converts ARPHRD_TUNNEL to DLT_RAW,
as can be expected.

I don't think a new DLT_LINUX_SLL3 is a solution. The application
just wants to receive the full L2.5 header, not yet another parsed
version.

Libpcap can conceivably already read with SOCK_RAW and still convert
each frame to SLL internally.

Separate from this, I'd like to see where exactly these L2.5 tags are
inserted and whether any besides VLAN (incl. QinQ special case) are
even susceptible.

For VLAN on the normal egress path, like the ICMP reproducer, this
probably is in vlan_insert_tag_set_proto. Not 100% sure. That indeed
inserts the header and updates skb->protocol, without changing the
network header.

MPLS in mpls_forward does appear to update network_header, and uses
this in mpls_hdr. So perhaps the issue does not extend beyond VLAN.
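
As an added illustration (not part of the original message, and not libpcap or kernel code): a minimal C parser that a capture tool could run over a frame read from a SOCK_RAW packet socket, walking any 802.1Q/802.1ad tags to find the encapsulated protocol and the network header offset. It assumes the buffer begins at the Ethernet header; `parse_l2`, `struct l2_info` and the sample frames are names and data constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TPID_8021Q  0x8100u   /* 802.1Q VLAN tag */
#define TPID_8021AD 0x88A8u   /* 802.1ad (QinQ) outer tag */
#define VLAN_HLEN   4u        /* TCI + encapsulated EtherType */
#define MAX_TAGS    2

struct l2_info {
    size_t   l3_off;          /* offset of the network header in the frame */
    uint16_t proto;           /* EtherType found after all VLAN tags */
    int      ntags;           /* number of VLAN tags walked */
    uint16_t vid[MAX_TAGS];   /* VLAN IDs, outermost first */
};

/* Constructed sample frames, cut off after two payload bytes. */
static const uint8_t sample_vlan[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01,
    0x81,0x00, 0x00,0x64, 0x08,0x00, 0x45,0x00 };          /* VID 100, IPv4 */
static const uint8_t sample_qinq[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01,
    0x88,0xa8, 0x00,0x0a, 0x81,0x00, 0x00,0x14, 0x08,0x00, 0x45,0x00 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 on a truncated frame or more than MAX_TAGS tags. */
int parse_l2(const uint8_t *frame, size_t len, struct l2_info *out)
{
    if (len < 14) return -1;               /* dst MAC + src MAC + EtherType */
    size_t off = 14;
    uint16_t proto = be16(frame + 12);
    out->ntags = 0;
    while (proto == TPID_8021Q || proto == TPID_8021AD) {
        if (out->ntags == MAX_TAGS || len - off < VLAN_HLEN) return -1;
        out->vid[out->ntags++] = be16(frame + off) & 0x0FFF;  /* low 12 bits of TCI */
        proto = be16(frame + off + 2);
        off += VLAN_HLEN;
    }
    out->l3_off = off;
    out->proto = proto;
    return 0;
}

int main(void)
{
    struct l2_info r;
    if (parse_l2(sample_qinq, sizeof sample_qinq, &r) == 0)
        printf("tags=%d proto=0x%04x l3_off=%zu\n", r.ntags, r.proto, r.l3_off);
}
```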
