Re: [PATCH mptcp-next] tcp: ulp: diag: remove net admin restriction

[Matthieu Baerts <matttbe@kernel.org>]

Hi Mat,

On 28/02/2025 22:39, Mat Martineau wrote:
> On Wed, 26 Feb 2025, Matthieu Baerts (NGI0) wrote:
> 
>> Since its introduction in commit 61723b393292 ("tcp: ulp: add functions
>> to dump ulp-specific information"), the ULP diag info have been exported
>> only if the requester had CAP_NET_ADMIN.
>>
>> It looks like there is nothing sensitive being exported here by the
>> MPTCP and KTLS layers. So it seems safe to remove this restriction in
>> order to ease the debugging from the userspace side without requiring
>> additional capabilities.
>>
> 
> Hi Matthieu -
> 
> I agree the token values aren't sensitive (we definitely wouldn't want
> to expose the keys exchanged with MP_CAPABLE, for example). Token values
> are like port numbers in terms of what's exposed.
> 
> The DSS mapping and ssn_offset do give all users on the system access to
> narrow ranges of values for the subflow TCP sequence numbers and MPTCP-
> level DSNs. The diag interface doesn't expose TCP sequence numbers for
> TCP sockets, it doesn't seem like a good idea to leak those through the
> mapping values either. WDYT?

Indeed, I was still thinking about that, and that's why I didn't send
this patch to netdev.

It sounds safer to let the different layers decide on what can be
exposed. In MPTCP case, it sounds indeed better not to expose sequence
numbers, only the token, IDs, and flags.

I will resurrect my previous version where I passed "net_admin" to the
two ULP diag callbacks.

Cheers,
Matt
-- 
Sponsored by the NGI0 Core fund.