lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241024154119.1096947-1-maze@google.com>
Date: Thu, 24 Oct 2024 08:41:19 -0700
From: "Maciej Żenczykowski" <maze@...gle.com>
To: "Maciej Żenczykowski" <zenczykowski@...il.com>
Cc: Linux Network Development Mailing List <netdev@...r.kernel.org>, "David S . Miller" <davem@...emloft.net>, 
	Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, 
	"Maciej Żenczykowski" <maze@...gle.com>, Lorenzo Colitti <lorenzo@...gle.com>
Subject: [PATCH net-next] net: define and implement new SOL_SOCKET
 SO_RX_IFINDEX option

This is currently only implemented for TCP and is not
guaranteed to return correct information for a multitude
of reasons (including multipath reception), but there are
scenarios where it is useful: in particular a strong host
model where connections are only viable via a single interface,
for example a VPN interface.  One could for example choose
to use this to SO_BINDTODEVICE.

Test:
  // Python 2.7.18 (default, Jul 13 2022, 18:14:36)
  import socket
  SO_RX_IFINDEX=82
  s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM, 0)
  c = socket.socket(socket.AF_INET6, socket.SOCK_STREAM, 0)
  s.bind(('::', 8888))
  s.listen(128)
  c.connect(('::', 8888))
  a = s.accept()
  print a  # (<socket._socketobject object>, ('::1', 58144, 0, 0))
  p=a[0]
  p.getsockname()  # ('::1', 8888, 0, 0)
  p.getpeername()  # ('::1', 58144, 0, 0)
  c.getsockname()  # ('::1', 58144, 0, 0)
  c.getpeername()  # ('::1', 8888, 0, 0)
  p.getsockopt(socket.SOL_SOCKET, SO_RX_IFINDEX)  # 1 (lo)
  c.getsockopt(socket.SOL_SOCKET, SO_RX_IFINDEX)  # 0 (unknown)
  c.send(b'X')  # 1
  p.recv(2)  # 'X'
  p.getsockopt(socket.SOL_SOCKET, SO_RX_IFINDEX)  # 1 (lo)
  c.getsockopt(socket.SOL_SOCKET, SO_RX_IFINDEX)  # 0 (unknown)
  p.send(b'Z')  # 1
  c.recv(2)  # 'Z'
  p.getsockopt(socket.SOL_SOCKET, SO_RX_IFINDEX)  # 1 (lo)
  c.getsockopt(socket.SOL_SOCKET, SO_RX_IFINDEX)  # 1 (lo)

Which shows we should possibly fix the 3-way handshake SYN-ACK
to set sk->sk_rx_dst_ifindex.

Cc: Lorenzo Colitti <lorenzo@...gle.com>
Cc: Eric Dumazet <edumazet@...gle.com>
Signed-off-by: Maciej Żenczykowski <maze@...gle.com>
---
 arch/alpha/include/uapi/asm/socket.h  | 2 ++
 arch/mips/include/uapi/asm/socket.h   | 2 ++
 arch/parisc/include/uapi/asm/socket.h | 2 ++
 arch/sparc/include/uapi/asm/socket.h  | 2 ++
 include/uapi/asm-generic/socket.h     | 2 ++
 net/core/sock.c                       | 4 ++++
 6 files changed, 14 insertions(+)

diff --git a/arch/alpha/include/uapi/asm/socket.h b/arch/alpha/include/uapi/asm/socket.h
index 302507bf9b5d..5f139b095a49 100644
--- a/arch/alpha/include/uapi/asm/socket.h
+++ b/arch/alpha/include/uapi/asm/socket.h
@@ -148,6 +148,8 @@
 
 #define SCM_TS_OPT_ID		81
 
+#define SO_RX_IFINDEX		82
+
 #if !defined(__KERNEL__)
 
 #if __BITS_PER_LONG == 64
diff --git a/arch/mips/include/uapi/asm/socket.h b/arch/mips/include/uapi/asm/socket.h
index d118d4731580..ff25d24b4dea 100644
--- a/arch/mips/include/uapi/asm/socket.h
+++ b/arch/mips/include/uapi/asm/socket.h
@@ -159,6 +159,8 @@
 
 #define SCM_TS_OPT_ID		81
 
+#define SO_RX_IFINDEX		82
+
 #if !defined(__KERNEL__)
 
 #if __BITS_PER_LONG == 64
diff --git a/arch/parisc/include/uapi/asm/socket.h b/arch/parisc/include/uapi/asm/socket.h
index d268d69bfcd2..3f89c388e356 100644
--- a/arch/parisc/include/uapi/asm/socket.h
+++ b/arch/parisc/include/uapi/asm/socket.h
@@ -140,6 +140,8 @@
 
 #define SCM_TS_OPT_ID		0x404C
 
+#define SO_RX_IFINDEX		82
+
 #if !defined(__KERNEL__)
 
 #if __BITS_PER_LONG == 64
diff --git a/arch/sparc/include/uapi/asm/socket.h b/arch/sparc/include/uapi/asm/socket.h
index 113cd9f353e3..f1af74f5f1ad 100644
--- a/arch/sparc/include/uapi/asm/socket.h
+++ b/arch/sparc/include/uapi/asm/socket.h
@@ -141,6 +141,8 @@
 
 #define SCM_TS_OPT_ID            0x005a
 
+#define SO_RX_IFINDEX            0x005b
+
 #if !defined(__KERNEL__)
 
 
diff --git a/include/uapi/asm-generic/socket.h b/include/uapi/asm-generic/socket.h
index deacfd6dd197..b16c69e22606 100644
--- a/include/uapi/asm-generic/socket.h
+++ b/include/uapi/asm-generic/socket.h
@@ -143,6 +143,8 @@
 
 #define SCM_TS_OPT_ID		81
 
+#define SO_RX_IFINDEX		82
+
 #if !defined(__KERNEL__)
 
 #if __BITS_PER_LONG == 64 || (defined(__x86_64__) && defined(__ILP32__))
diff --git a/net/core/sock.c b/net/core/sock.c
index 7f398bd07fb7..6c985413c21f 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1932,6 +1932,10 @@ int sk_getsockopt(struct sock *sk, int level, int optname,
 		v.val = READ_ONCE(sk->sk_mark);
 		break;
 
+	case SO_RX_IFINDEX:
+		v.val = READ_ONCE(sk->sk_rx_dst_ifindex);
+		break;
+
 	case SO_RCVMARK:
 		v.val = sock_flag(sk, SOCK_RCVMARK);
 		break;
-- 
2.47.0.105.g07ac214952-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ