Message-ID: <CAL+tcoBPxMGBDN1yijgdpYpb8PJA-fWDi8gaEda=msVk2fo_iQ@mail.gmail.com>
Date: Sun, 18 Aug 2024 13:16:33 +0800
From: Jason Xing <kerneljasonxing@...il.com>
To: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, 
	pabeni@...hat.com, dsahern@...nel.org, ncardwell@...gle.com
Cc: netdev@...r.kernel.org, Jason Xing <kernelxing@...cent.com>
Subject: Re: [PATCH net-next] tcp: do not allow to connect with the four-tuple
 symmetry socket

On Sun, Aug 18, 2024 at 12:25 PM Jason Xing <kerneljasonxing@...il.com> wrote:
>
> From: Jason Xing <kernelxing@...cent.com>
>
> Four-tuple symmetry here means the socket has the same remote/local
> port and ipaddr, like this, 127.0.0.1:8000 -> 127.0.0.1:8000.
> $ ss -nat | grep 8000
> ESTAB      0      0          127.0.0.1:8000       127.0.0.1:8000
>
> Before this patch, one client could start a connection successfully
> as above even without a listener, which means the socket connects
> to itself. Then every time other threads try to bind/listen on
> this port, they will surely encounter a failure, unless the thread owning
> the socket exits.
>
> It can rarely happen on the loopback device when the connect() finds
> the same port as its remote port while the listener is not running. It
> has a side effect on other threads. Besides, this solo flow has no
> merit, no significance at all.
>
> After this patch, the moment we try to connect with a 4-tuple symmetry
> socket, we will get an error "connect: Cannot assign requested address".
>
> Signed-off-by: Jason Xing <kernelxing@...cent.com>
> ---
>  net/ipv4/inet_hashtables.c | 31 +++++++++++++++++++++++++++----
>  1 file changed, 27 insertions(+), 4 deletions(-)
>
> diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
> index 9bfcfd016e18..2f8f34ee62fb 100644
> --- a/net/ipv4/inet_hashtables.c
> +++ b/net/ipv4/inet_hashtables.c
> @@ -978,6 +978,21 @@ void inet_bhash2_reset_saddr(struct sock *sk)
>  }
>  EXPORT_SYMBOL_GPL(inet_bhash2_reset_saddr);
>
> +/* SYMMETRY means the socket has the same local and remote port/ipaddr */
> +#define INET_ADDR_SYMMETRY(sk) (inet_sk(sk)->inet_rcv_saddr == \
> +                               inet_sk(sk)->inet_daddr)
> +#define INET_PORT_SYMMETRY(sk) (inet_sk(sk)->inet_num == \
> +                               ntohs(inet_sk(sk)->inet_dport))
> +#define INET_PORT_SYMMETRY_MATCH(sk, port) (port == \
> +                                           ntohs(inet_sk(sk)->inet_dport))
> +static inline int inet_tuple_symmetry(struct sock *sk)
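
Review bot: INET_PORT_SYMMETRY_MATCH(sk, port) expands its port argument without parentheses, so an expression passed there would bind to == in an unexpected way; write ((port) == ntohs(inet_sk(sk)->inet_dport)), or turn the three macros into small static helpers returning bool so the arguments are type-checked. INET_ADDR_SYMMETRY compares only inet_rcv_saddr with inet_daddr, which are the IPv4 address fields, so the comment above the macros should say whether IPv6 sockets are intentionally left out. inet_tuple_symmetry() is a predicate and would read better returning bool than int.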

Patchwork shows me that I should not use inline in the .c file. I
will change it in due course in the v2 patch.
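
A check for the condition the commit message describes, as an added example that is not part of the original message or the patch: it parses `ss -nat` output and reports sockets whose local and remote address and port are equal. The sample rows are constructed (the 8000 row mirrors the one quoted above), and the function names are hypothetical.

```python
from typing import List, NamedTuple


class Conn(NamedTuple):
    state: str
    addr: str
    port: str
    peer_addr: str
    peer_port: str


def parse_ss(text: str) -> List[Conn]:
    """Parse `ss -nat` rows: State Recv-Q Send-Q Local:Port Peer:Port."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] == "State":  # header or malformed row
            continue
        # Split on the last colon so bracketed IPv6 ('[::1]:9000') works.
        addr, _, port = f[3].rpartition(":")
        paddr, _, pport = f[4].rpartition(":")
        conns.append(Conn(f[0], addr, port, paddr, pport))
    return conns


def symmetric_sockets(conns: List[Conn]) -> List[Conn]:
    """Sockets whose local address and port equal the remote ones."""
    return [c for c in conns
            if c.port.isdigit()  # listeners show a peer port of '*'
            and (c.addr, c.port) == (c.peer_addr, c.peer_port)]


def blocked_ports(conns: List[Conn]) -> List[int]:
    """Ports held by a self-connected socket (bind/listen there fails)."""
    return sorted({int(c.port) for c in symmetric_sockets(conns)})


# Constructed sample input, not captured from a real host.
SAMPLE = """\
State   Recv-Q Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0      128           0.0.0.0:22          0.0.0.0:*
ESTAB   0      0           127.0.0.1:8000      127.0.0.1:8000
ESTAB   0      0           127.0.0.1:8000      127.0.0.1:51234
ESTAB   0      0               [::1]:9000          [::1]:9000
"""

if __name__ == "__main__":
    for c in symmetric_sockets(parse_ss(SAMPLE)):
        print(f"{c.state} {c.addr}:{c.port} -> {c.peer_addr}:{c.peer_port}")
```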
