Mail Archive Search: <+subject:/^(?:^\s*(re|sv|fwd|fw)[\[\]\d]*[:>-]+\s*)*Check\s+connect\s+address\s+in\s+NETLINK\s*$/>

Results:

References: [ +subject:/^(?:^\s*(re|sv|fwd|fw)[\[\]\d]*[:>-]+\s*)*Check\s+connect\s+address\s+in\s+NETLINK\s*$/: 30 ]

Total 30 documents matching your query.

1. Re: Check connect address in NETLINK (score: 1): Author: y Kuznetsov <kuznet@xxxxxxxxxxxxx>; Date: Mon, 5 Jul 2004 15:46:39 -0700; Applied, thanks Herbert.; /archives/netdev/2004-07/msg00100.html (8,576 bytes)
2. Check connect address in NETLINK (score: 1): Author: xxxxxxxxxxx>; Date: Tue, 29 Jun 2004 09:14:39 +1000; The recent thread on NLMSG_OK has reminded me about an old problem with NETLINK. The problem is that any user on the system can launch a DoS attack on any NETLINK application by flooding its NETLINK; /archives/netdev/2004-06/msg00797.html (8,848 bytes)
3. Re: Check connect address in NETLINK (score: 1): Author: x>; Date: Mon, 28 Jun 2004 17:30:39 -0700; This really won't break any existing legitimate cases? Are you sure?; /archives/netdev/2004-06/msg00798.html (8,773 bytes)
4. Re: Check connect address in NETLINK (score: 1): Author: vid S. Miller" <davem@xxxxxxxxxx>; Date: Tue, 29 Jun 2004 12:09:18 +1000; I would've thought that it shouldn't break anything. But let me have a look around and get back to you. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxx; /archives/netdev/2004-06/msg00802.html (9,421 bytes)
5. Re: Check connect address in NETLINK (score: 1): Author: xxxxx>; Date: Tue, 29 Jun 2004 12:22:52 +0400; Do you mean the restriction sort of made in AF_UNIX SOCK_DGRAM: a connected socket receives messages only from its destination? I think this is safe. It was not done because netlink sockets were exp; /archives/netdev/2004-06/msg00805.html (9,662 bytes)
6. Re: Check connect address in NETLINK (score: 1): Author: xxxxxxxx>; Date: Tue, 29 Jun 2004 18:45:52 +1000; Exactly. Another example would be UDP over IP. So it should be harmless to introduce this new semantics. That's kind of a good thing since it means that existing applications are less likely to call; /archives/netdev/2004-06/msg00806.html (10,720 bytes)
7. Re: Check connect address in NETLINK (score: 1): Author: xxxxxxxx>; Date: Tue, 29 Jun 2004 15:14:33 +0400; I think we can. Alexey; /archives/netdev/2004-06/msg00807.html (9,168 bytes)
8. Re: Check connect address in NETLINK (score: 1): Author: xxxxxxxxxx>; Date: Tue, 29 Jun 2004 21:18:33 +1000; Great. I'll code it up then. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key:; /archives/netdev/2004-06/msg00808.html (9,861 bytes)
9. Re: Check connect address in NETLINK (score: 1): Author: >; Date: Wed, 30 Jun 2004 21:27:51 +1000; Actually that doesn't quite work. Users are allowed to bind to any non-zero address including -1. Besides, we already have sock->sk_state and socket->state which are perfect for this. So here is a pa; /archives/netdev/2004-06/msg00845.html (10,753 bytes)
10. Re: Check connect address in NETLINK (score: 1): Author: ik <jgarzik@xxxxxxxxx>; Date: Wed, 30 Jun 2004 16:00:45 +0400; No-no-no! sock->sk_socket can be NULL at this point. You can use sock->sk_state = TCP_ESTABLISHED, forxample. Alexey; /archives/netdev/2004-06/msg00847.html (9,610 bytes)
11. Re: Check connect address in NETLINK (score: 1): Author: i@xxxxxxx; Date: Wed, 30 Jun 2004 22:08:28 +1000; OK. Can you give me a code path that allows sk_socket to be NULL at this point? Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home P; /archives/netdev/2004-06/msg00848.html (10,373 bytes)
12. Re: Check connect address in NETLINK (score: 1): Author: xxx>; Date: Wed, 30 Jun 2004 16:14:20 +0400; cpu 0: cpu1 (or just preempted cpu) sk = netlink_lookup(...); ... closing sk netlink_release() clears sk_socket use sk->sk_socket. Oops. Alexey; /archives/netdev/2004-06/msg00849.html (9,955 bytes)
13. Re: Check connect address in NETLINK (score: 1): Author: xxxx>; Date: Wed, 30 Jun 2004 22:40:50 +1000; Thanks for the example. Here is a version that uses sk_state instead. Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~; /archives/netdev/2004-06/msg00850.html (10,927 bytes)
14. Re: Check connect address in NETLINK (score: 1): Author: Andre Tomt <andre@xxxxxxxx>; Date: Wed, 30 Jun 2004 15:36:06 -0700; Why don't you combine the two "ERR_PTR(-ECONNREFUSED)" tests into one test like: if ((nlk->pid == 0 && !nlk->data_ready) || (sock->sk_state == NELTINK_CONNECTED && nlk->dst_pid != nlk_sk(ssk)->pid)); /archives/netdev/2004-06/msg00866.html (10,080 bytes)
15. Re: Check connect address in NETLINK (score: 1): Author: ik <jgarzik@xxxxxxxxx>; Date: Thu, 1 Jul 2004 09:01:47 +1000; Well at least under i386, gcc (3.3.4) is smart enough to merge these common exit paths. But yes we could merge them. What about the following incremental patch? -- Visit Openswan at http://www.opensw; /archives/netdev/2004-06/msg00867.html (11,162 bytes)
16. Re: Check connect address in NETLINK (score: 1): Author: "David S. Miller" <davem@xxxxxxxxxx>; Date: Mon, 5 Jul 2004 15:46:39 -0700; Applied, thanks Herbert.; /archives/netdev/2004-07/msg00916.html (9,208 bytes)
17. Check connect address in NETLINK (score: 1): Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>; Date: Tue, 29 Jun 2004 09:14:39 +1000; Hi: The recent thread on NLMSG_OK has reminded me about an old problem with NETLINK. The problem is that any user on the system can launch a DoS attack on any NETLINK application by flooding its NETL; /archives/netdev/2004-06/msg01681.html (8,893 bytes)
18. Re: Check connect address in NETLINK (score: 1): Author: "David S. Miller" <davem@xxxxxxxxxx>; Date: Mon, 28 Jun 2004 17:30:39 -0700; This really won't break any existing legitimate cases? Are you sure?; /archives/netdev/2004-06/msg01682.html (8,831 bytes)
19. Re: Check connect address in NETLINK (score: 1): Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>; Date: Tue, 29 Jun 2004 12:09:18 +1000; I would've thought that it shouldn't break anything. But let me have a look around and get back to you. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxx; /archives/netdev/2004-06/msg01686.html (9,569 bytes)
20. Re: Check connect address in NETLINK (score: 1): Author: Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>; Date: Tue, 29 Jun 2004 12:22:52 +0400; Hello! Do you mean the restriction sort of made in AF_UNIX SOCK_DGRAM: a connected socket receives messages only from its destination? I think this is safe. It was not done because netlink sockets we; /archives/netdev/2004-06/msg01689.html (9,720 bytes)

Current List: 1 - 20
Page: [1] [2]