* [PATCH] IPv4 raw_hdrincl_nomangle sysctl
@ 2008-12-17 20:44 Kris Katterjohn
2008-12-17 20:48 ` David Miller
0 siblings, 1 reply; 5+ messages in thread
From: Kris Katterjohn @ 2008-12-17 20:44 UTC (permalink / raw)
To: netdev
[-- Attachment #1: Type: text/plain, Size: 1768 bytes --]
Hey everyone,
Sometimes it's just plain useful to be able to build full bogus IP packets and
be able to send them, such as to see how different pieces of software react to
them. This is an interest of mine.
I've attached a patch to add a net.ipv4.raw_hdrincl_nomangle sysctl (defaults
to 0) to control whether or not Linux changes the header passed using
IP_HDRINCL (checksum, IPID, etc). This way it's not required to build a
special kernel simply to have control over what you send. This was needed,
for example, in this discussion[1] on Nmap's packet handling.
I'm obviously not a regular kernel developer, so any hints on making this
patch better would be much appreciated. It works great for me, though, and
it's quite simple.
Thanks,
Kris Katterjohn
[1] http://seclists.org/nmap-dev/2008/q4/index.html#543
[-- Attachment #2: rawsysctl.patch --]
[-- Type: text/x-diff, Size: 1558 bytes --]
--- linux/net/ipv4/sysctl_net_ipv4.c 2008-12-13 17:56:16.000000000 -0600
+++ linux/net/ipv4/sysctl_net_ipv4.c 2008-12-17 13:57:26.000000000 -0600
@@ -28,6 +28,7 @@ static int ip_local_port_range_max[] = {
extern seqlock_t sysctl_port_range_lock;
extern int sysctl_local_port_range[2];
+extern int sysctl_raw_hdrincl_nomangle;
/* Update system visible IP port range */
static void set_local_port_range(int range[2])
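Review bot: the extern int sysctl_raw_hdrincl_nomangle declaration is added directly in sysctl_net_ipv4.c, next to the existing sysctl_local_port_range externs, so nothing checks it against the definition in raw.c. Declaring it once in a header that both files include would let the compiler catch a type mismatch between the two.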
@@ -745,6 +746,14 @@ static struct ctl_table ipv4_table[] = {
.strategy = &sysctl_intvec,
.extra1 = &zero
},
+ {
+ .ctl_name = CTL_UNNUMBERED,
+ .procname = "raw_hdrincl_nomangle",
+ .data = &sysctl_raw_hdrincl_nomangle,
+ .maxlen = sizeof(sysctl_raw_hdrincl_nomangle),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec
+ },
{ .ctl_name = 0 }
};
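Review bot: the new raw_hdrincl_nomangle entry uses proc_dointvec with no bounds, so any integer is accepted although raw.c only compares the value with 0; the entry just above it sets .extra1 = &zero, and proc_dointvec_minmax with a lower and upper bound would keep the knob to 0 and 1. The entry also sits in the global ipv4_table with mode 0644, so once set it applies to every IP_HDRINCL sender on the host rather than to the one tool that asked for it, and neither file touched by the visible diff documents the new sysctl.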
--- linux/net/ipv4/raw.c 2008-12-13 17:56:16.000000000 -0600
+++ linux/net/ipv4/raw.c 2008-12-16 20:42:20.000000000 -0600
@@ -82,6 +82,9 @@ static struct raw_hashinfo raw_v4_hashin
.lock = __RW_LOCK_UNLOCKED(raw_v4_hashinfo.lock),
};
+int sysctl_raw_hdrincl_nomangle __read_mostly;
+EXPORT_SYMBOL(sysctl_raw_hdrincl_nomangle);
+
void raw_hash_sk(struct sock *sk)
{
struct raw_hashinfo *h = sk->sk_prot->h.raw_hash;
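Review bot: EXPORT_SYMBOL(sysctl_raw_hdrincl_nomangle) looks unnecessary, since the only users shown in this patch are raw.c itself and sysctl_net_ipv4.c, both under net/ipv4, and no hunk shows a modular user. Drop the export unless a module really needs the variable.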
@@ -358,7 +361,8 @@ static int raw_send_hdrinc(struct sock *
/* We don't modify invalid header */
iphlen = iph->ihl * 4;
- if (iphlen >= sizeof(*iph) && iphlen <= length) {
+ if (iphlen >= sizeof(*iph) && iphlen <= length &&
+ sysctl_raw_hdrincl_nomangle == 0) {
if (!iph->saddr)
iph->saddr = rt->rt_src;
iph->check = 0;
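Review bot: folding sysctl_raw_hdrincl_nomangle == 0 into the header-validity test in raw_send_hdrinc() skips the whole block, including the "if (!iph->saddr) iph->saddr = rt->rt_src;" fill-in, so with the sysctl set a caller that leaves the source address zero and relies on the kernel to supply it sends the zero address unchanged. The comment "We don't modify invalid header" also no longer covers the condition; a separate check around the block, with its own comment, would keep the two reasons for skipping distinct.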
* Re: [PATCH] IPv4 raw_hdrincl_nomangle sysctl
2008-12-17 20:44 [PATCH] IPv4 raw_hdrincl_nomangle sysctl Kris Katterjohn
@ 2008-12-17 20:48 ` David Miller
2008-12-17 21:11 ` Kris Katterjohn
2008-12-17 22:21 ` Rémi Denis-Courmont
0 siblings, 2 replies; 5+ messages in thread
From: David Miller @ 2008-12-17 20:48 UTC (permalink / raw)
To: katterjohn; +Cc: netdev
From: Kris Katterjohn <katterjohn@gmail.com>
Date: Wed, 17 Dec 2008 14:44:58 -0600
> I've attached a patch to add a net.ipv4.raw_hdrincl_nomangle sysctl (defaults
> to 0) to control whether or not Linux changes the header passed using
> IP_HDRINCL (checksum, IPID, etc). This way it's not required to build a
> special kernel simply to have control over what you send. This was needed,
> for example, in this discussion[1] on Nmap's packet handling.
If you want full control, use AF_PACKET to send your frames.
Yes, this means you'll need to choose the outgoing device and compose
the link level header, but that's the price for control.
Using IPV4 RAW sockets implies you want some help from that
part of the stack, if you don't then simply use direct pure
packet sends via AF_PACKET.
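The help the IPv4 raw-socket path gives an IP_HDRINCL sender, and what the proposed sysctl would switch off, modelled in userspace as an added example (not code from the thread or the kernel). The field rules follow the IP_HDRINCL table in raw(7); hdrincl_fixup, load_sample, the sample header and the route_src/new_id stand-ins are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Byte offsets of the IPv4 header fields the fix-ups touch. */
enum { OFF_TOTLEN = 2, OFF_ID = 4, OFF_CHECK = 10, OFF_SADDR = 12, IP4_MIN = 20 };

/* Constructed sample header: saddr, ID and total length zero, bogus checksum. */
static const uint8_t sample_hdr[20] = {
    0x45, 0, 0, 0,   0, 0, 0x40, 0,   64, 6, 0xde, 0xad,
    0, 0, 0, 0,      192, 0, 2, 1 };

static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }

/* RFC 1071 ones'-complement checksum over an even number of header bytes. */
uint16_t ip4_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)p[i] << 8 | p[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Model of the IP_HDRINCL fix-ups. route_src and new_id stand in for the route
 * source and kernel-chosen IP ID; nomangle models the proposed sysctl. */
int hdrincl_fixup(uint8_t *pkt, size_t length, const uint8_t route_src[4],
                  uint16_t new_id, int nomangle)
{
    static const uint8_t zero[4];
    size_t iphlen = length ? (size_t)(pkt[0] & 0x0f) * 4 : 0;
    /* An invalid header length is left untouched, as in raw_send_hdrinc(). */
    if (iphlen < IP4_MIN || iphlen > length || nomangle)
        return 0;                                /* header sent as supplied */
    if (!memcmp(pkt + OFF_SADDR, zero, 4))       /* source: only when zero */
        memcpy(pkt + OFF_SADDR, route_src, 4);
    put16(pkt + OFF_TOTLEN, (uint16_t)length);   /* total length: always */
    if (!pkt[OFF_ID] && !pkt[OFF_ID + 1])        /* IP ID: only when zero */
        put16(pkt + OFF_ID, new_id);
    put16(pkt + OFF_CHECK, 0);                   /* checksum: always */
    put16(pkt + OFF_CHECK, ip4_csum(pkt, iphlen));
    return 1;                                    /* header was rewritten */
}

void load_sample(uint8_t *buf, size_t buflen)    /* buflen must be >= 20 */
{
    memset(buf, 0, buflen);
    memcpy(buf, sample_hdr, sizeof(sample_hdr));
}
```

With nomangle zero the deliberately wrong checksum in the sample never reaches the wire, which is the behaviour the patch author wanted to be able to turn off.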
* Re: [PATCH] IPv4 raw_hdrincl_nomangle sysctl
2008-12-17 20:48 ` David Miller
@ 2008-12-17 21:11 ` Kris Katterjohn
2008-12-17 22:21 ` Rémi Denis-Courmont
1 sibling, 0 replies; 5+ messages in thread
From: Kris Katterjohn @ 2008-12-17 21:11 UTC (permalink / raw)
To: David Miller; +Cc: netdev
On 12/17/2008 02:48 PM, David Miller wrote:
> From: Kris Katterjohn <katterjohn@gmail.com>
> Date: Wed, 17 Dec 2008 14:44:58 -0600
>
>> I've attached a patch to add a net.ipv4.raw_hdrincl_nomangle sysctl (defaults
>> to 0) to control whether or not Linux changes the header passed using
>> IP_HDRINCL (checksum, IPID, etc). This way it's not required to build a
>> special kernel simply to have control over what you send. This was needed,
>> for example, in this discussion[1] on Nmap's packet handling.
>
> If you want full control, use AF_PACKET to send your frames.
>
> Yes, this means you'll need to choose the outgoing device and compose
> the link level header, but that's the price for control.
>
> Using IPV4 RAW sockets implies you want some help from that
> part of the stack, if you don't then simply use direct pure
> packet sends via AF_PACKET.
Indeed I guess I will just use PF_PACKET from now on. It's just that the
convenience of SOCK_RAW/IP_HDRINCL compared to doing the same thing with
AF_PACKET makes it a good choice for this in my mind, as long as the default
behavior is to still make the modifications as it is now.
Of course I still think 'sysctl net.ipv4.raw_hdrincl_nomangle=1' is price
enough for control :)
Thanks for the very speedy response,
Kris Katterjohn
* Re: [PATCH] IPv4 raw_hdrincl_nomangle sysctl
2008-12-17 20:48 ` David Miller
2008-12-17 21:11 ` Kris Katterjohn
@ 2008-12-17 22:21 ` Rémi Denis-Courmont
2008-12-18 0:52 ` Herbert Xu
1 sibling, 1 reply; 5+ messages in thread
From: Rémi Denis-Courmont @ 2008-12-17 22:21 UTC (permalink / raw)
To: David Miller; +Cc: katterjohn, netdev
On Wednesday 17 December 2008, David Miller wrote:
> If you want full control, use AF_PACKET to send your frames.
>
> Yes, this means you'll need to choose the outgoing device and compose
> the link level header, but that's the price for control.
Does SOCK_DGRAM not save userland from crafting the LL header - contrary
to SOCK_RAW?
--
Rémi Denis-Courmont
http://www.remlab.net/