From: Tom Herbert <tom@herbertland.com>
To: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: Sowmini Varadhan <sowmini.varadhan@oracle.com>,
Linux Kernel Network Developers <netdev@vger.kernel.org>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Subject: Re: IPv6 extension header privileges
Date: Sat, 21 May 2016 09:00:36 -0700 [thread overview]
Message-ID: <CALx6S36scChuaS+uygAu4zk9gEz_qA=BSwX4f=kC_YXurTpMqw@mail.gmail.com> (raw)
In-Reply-To: <6a889c73-efb1-7d4c-ba33-8b076378fcb7@stressinduktion.org>
On Sat, May 21, 2016 at 8:33 AM, Hannes Frederic Sowa
<hannes@stressinduktion.org> wrote:
> On 21.05.2016 17:19, Tom Herbert wrote:
>> On Sat, May 21, 2016 at 2:34 AM, Hannes Frederic Sowa
>> <hannes@stressinduktion.org> wrote:
>>> On Sat, May 21, 2016, at 03:56, Sowmini Varadhan wrote:
>>>> On (05/21/16 02:20), Hannes Frederic Sowa wrote:
>>>>>
>>>>> There are some options inherently protocol depending like the jumbo
>>>>> payload option, which should be under control of the kernel, or the
>>>>> router alert option for igmp, which causes packets to be steered towards
>>>>> the slow/software path of routers, which can be used for DoS attacks.
>>>>>
>>>>> Setting CALIPSO options in IPv6 on packets as users would defeat the
>>>>> whole CALIPSO model, etc.
>>>>>
>>>>> The RFC3542 requires at least some of the options in dst/hop-by-hop
>>>>
>>>> "requires" is a strong word. 3542 declares it as a "may" (lower case).
>>>> The only thing required strongly is IPV6_NEXTHOP itself.
>>>>
>>>> I suspect 3542 was written at a time when hbh and dst opt were loosely
>>>> defined and the "may" is just a place-holder (i.e., it's not even a MAY)
>>>
>>> My wording directly from the RFC was too strong, true, but given that
>>> there is a CALIPSO patch already floating around for the kernel and
>>> those options are strictly controlled by selinux policy and build the
>>> foundation for the networking separation we can't make it simply
>>> non-priv.
>>>
>> If you don't mind I'll change this to make specific options are
>> privileged and not all hbh and destopt. There is talk in IETF about
>> reinventing IP extensibility within UDP since the kernel APIs don't
>> allow setting EH. I would like to avoid that :-)
>
> Hehe, certainly.
>
> A white list of certain registered IPv6 IANA-options for non-priv whould
> certainly fly in my opinion. That is what I meant with "More
> fine-grained parsing and setting of those options has never been
> implemented." from my first mail.
>
> I am not that certain about a blacklist though, but haven't thought
> about that enough. I didn't yet get around to review other options, but
> basically people could use private options in some proprietary settings
> and we could break their assumptions by such a change.
>
> Would a white list be sufficient?
>
Probably not. The "kernel is the problem" community always seem to be
looking for even the slightest API or implementation deficiency to
justify bypassing the kernel entirely. :-(
Tom
> Bye,
> Hannes
>
next prev parent reply other threads:[~2016-05-21 16:05 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-20 22:37 IPv6 extension header privileges Tom Herbert
2016-05-21 0:20 ` Hannes Frederic Sowa
2016-05-21 1:56 ` Sowmini Varadhan
2016-05-21 9:34 ` Hannes Frederic Sowa
2016-05-21 10:02 ` Sowmini Varadhan
2016-05-21 15:19 ` Tom Herbert
2016-05-21 15:33 ` Hannes Frederic Sowa
2016-05-21 16:00 ` Tom Herbert [this message]
2016-05-21 16:16 ` Hannes Frederic Sowa
2016-05-21 17:46 ` Sowmini Varadhan
2016-05-22 1:08 ` Hannes Frederic Sowa
2016-05-22 11:56 ` Sowmini Varadhan
2016-05-22 12:13 ` Hannes Frederic Sowa
2016-05-23 18:11 ` Tom Herbert
2016-05-26 18:42 ` Tom Herbert
2016-05-27 9:53 ` Hannes Frederic Sowa
2016-05-27 15:03 ` Sowmini Varadhan
2016-05-27 16:59 ` Tom Herbert
2016-05-27 17:14 ` Hannes Frederic Sowa
2016-05-27 17:38 ` Tom Herbert
2016-05-27 16:46 ` Hannes Frederic Sowa
2016-05-27 17:05 ` Tom Herbert
2016-05-21 16:28 ` Hannes Frederic Sowa
2016-05-27 3:37 ` YOSHIFUJI Hideaki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALx6S36scChuaS+uygAu4zk9gEz_qA=BSwX4f=kC_YXurTpMqw@mail.gmail.com' \
--to=tom@herbertland.com \
--cc=hannes@stressinduktion.org \
--cc=netdev@vger.kernel.org \
--cc=sowmini.varadhan@oracle.com \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).