From patchwork Wed Mar 27 09:21:03 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Florian Weimer
X-Patchwork-Id: 231622
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id C6E4D2C009B for ; Wed, 27 Mar 2013 20:21:40 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752589Ab3C0JVf (ORCPT ); Wed, 27 Mar 2013 05:21:35 -0400
Received: from mx1.redhat.com ([209.132.183.28]:13152 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751303Ab3C0JVc (ORCPT ); Wed, 27 Mar 2013 05:21:32 -0400
Received: from int-mx12.intmail.prod.int.phx2.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.25]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id r2R9LBoo030495 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 27 Mar 2013 05:21:11 -0400
Received: from oldenburg.str.redhat.com (oldenburg.str.redhat.com [10.33.200.60]) by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id r2R9L3Ix013996 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Wed, 27 Mar 2013 05:21:09 -0400
Message-ID: <5152B9FF.7050705@redhat.com>
Date: Wed, 27 Mar 2013 10:21:03 +0100
From: Florian Weimer
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130311 Thunderbird/17.0.4
MIME-Version: 1.0
To: Pablo Neira Ayuso
CC: Neil Horman, netfilter-devel@vger.kernel.org, Hushan Jia
Subject: Re: [PATCH] libmnl: Add filtering support to library as a convienience
References: <1364307643-21747-1-git-send-email-nhorman@tuxdriver.com> <20130326205028.GA7117@localhost>
In-Reply-To: <20130326205028.GA7117@localhost>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: netfilter-devel@vger.kernel.org

On 03/26/2013 09:50 PM, Pablo Neira Ayuso wrote:
> I remember that report from Florian. After some discussion, I proposed
> this solution:
>
> commit 20e1db19db5d6b9e4e83021595eab0dc8f107bef
> Author: Pablo Neira Ayuso
> Date: Thu Aug 23 02:09:11 2012 +0000
>
> netlink: fix possible spoofing from non-root processes
>
> Basically, it disables netlink-to-netlink communications between
> non-root processes (with the exception of NETLINK_USERSOCK), so
> non-root processes cannot spoof messages anymore.

We are a bit in a bind here because we need to support kernels without
this patch, and we don't want to add symbols to libmnl which aren't part
of upstream.

Perhaps an interface to access the sender socket address would be an
acceptable compromise, like the attached patch? That would be useful
independently.

From 7da5a365c9908972726243b12b91666352c1ee31 Mon Sep 17 00:00:00 2001
From: Florian Weimer
Date: Wed, 27 Mar 2013 10:19:35 +0100
Subject: [PATCH 2/2] mnl_socket_peer_address: Add function to retrieve the sender address

This allows callers of mnl_socket_recvfrom to examine the address, for
instance, to give special treatment to messages sent by the kernel.

Signed-off-by: Florian Weimer
---
 include/libmnl/libmnl.h |  1 +
 src/libmnl.map          |  4 ++++
 src/socket.c            | 24 ++++++++++++++++++++----
 3 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/include/libmnl/libmnl.h b/include/libmnl/libmnl.h index 5145ba5..74995fa 100644 --- a/include/libmnl/libmnl.h +++ b/include/libmnl/libmnl.h @@ -33,6 +33,7 @@ extern int mnl_socket_get_fd(struct mnl_socket *nl); extern unsigned int mnl_socket_get_portid(const struct mnl_socket *nl); extern ssize_t mnl_socket_sendto(struct mnl_socket *nl, const void *req, size_t siz); extern ssize_t mnl_socket_recvfrom(struct mnl_socket *nl, void *buf, size_t siz); +extern struct sockaddr_nl *mnl_socket_peer_address(struct mnl_socket *nl); extern int mnl_socket_setsockopt(struct mnl_socket *nl, int type, void *buf, socklen_t len); extern int mnl_socket_getsockopt(const struct mnl_socket *nl, int type, void *buf, socklen_t *len); diff --git a/src/libmnl.map b/src/libmnl.map index dbc332e..626ea87 100644 --- a/src/libmnl.map +++ b/src/libmnl.map @@ -69,6 +69,10 @@ global: local: *; }; +LIBMNL_1.0.3 { + mnl_socket_peer_address; +}; + LIBMNL_1.1 { mnl_attr_parse_payload; } LIBMNL_1.0; diff --git a/src/socket.c b/src/socket.c index c77af91..1d956a0 100644 --- a/src/socket.c +++ b/src/socket.c @@ -8,6 +8,7 @@ */ #include +#include #include #include #include @@ -69,6 +70,7 @@ struct mnl_socket { int fd; struct sockaddr_nl addr; + struct sockaddr_nl peer; }; /** @@ -206,14 +208,13 @@ ssize_t mnl_socket_recvfrom(struct mnl_socket *nl, void *buf, size_t bufsiz) { ssize_t ret; - struct sockaddr_nl addr; struct iovec iov = { .iov_base = buf, .iov_len = bufsiz, }; struct msghdr msg = { - .msg_name = &addr, - .msg_namelen = sizeof(struct sockaddr_nl), + .msg_name = &nl->peer, + .msg_namelen = sizeof(nl->peer), .msg_iov = &iov, .msg_iovlen = 1, .msg_control = NULL, @@ -221,8 +222,10 @@ mnl_socket_recvfrom(struct mnl_socket *nl, void *buf, size_t bufsiz) .msg_flags = 0, }; ret = recvmsg(nl->fd, &msg, 0); - if (ret == -1) + if (ret == -1) { + memset(&nl->peer, 0, sizeof(nl->peer)); return ret; + } if (msg.msg_flags & MSG_TRUNC) { errno = ENOSPC; 
@@ -237,6 +240,19 @@ mnl_socket_recvfrom(struct mnl_socket *nl, void *buf, size_t bufsiz) EXPORT_SYMBOL(mnl_socket_recvfrom); /** + * mnl_socket_peer_address - return the sender of the last message + * + * The address is only valid after a successful call to + * mnl_socket_recvfrom(). The returned pointer is valid until + * mnl_socket_close() is called; it must not be freed by the caller. + */ +struct sockaddr_nl * +mnl_socket_peer_address(struct mnl_socket *nl) +{ + return &nl->peer; +} + +/** * mnl_socket_close - close a given netlink socket * \param nl netlink socket obtained via mnl_socket_open() * -- 1.8.1.4
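Review bot: in the include/libmnl/libmnl.h hunk, the new prototype `extern struct sockaddr_nl *mnl_socket_peer_address(struct mnl_socket *nl);` hands out a writable pointer into the socket object and takes a non-const socket, unlike the neighbouring `mnl_socket_get_portid(const struct mnl_socket *nl)`. The function only reads `nl->peer`, so declare it as `extern const struct sockaddr_nl *mnl_socket_peer_address(const struct mnl_socket *nl);` so a caller cannot overwrite the stored sender address and later read back a value the kernel never supplied.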
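Review bot: in the src/libmnl.map hunk, the new `LIBMNL_1.0.3 { mnl_socket_peer_address; };` node declares no predecessor, while the following `LIBMNL_1.1 { mnl_attr_parse_payload; } LIBMNL_1.0;` still chains to LIBMNL_1.0, so the new node sits outside the version chain. Since LIBMNL_1.1 already exists in this file, a newly added symbol belongs in a node after the newest one (for example `LIBMNL_1.2 { mnl_socket_peer_address; } LIBMNL_1.1;`) rather than in a back-dated 1.0.3 node. This is also the "symbols which aren't part of upstream" concern the cover note raises: the version node name should be agreed with upstream before this is merged, or a distribution carrying it will export a symbol version upstream never ships.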
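Review bot: in the `struct mnl_socket` hunk of src/socket.c, the new `struct sockaddr_nl peer;` member is only written by mnl_socket_recvfrom(), and nothing in this patch initialises it in mnl_socket_open(). Unless the allocation there already zero-fills (not visible in this hunk), mnl_socket_peer_address() called before the first receive returns uninitialised memory. Zero the member at open time, as the later hunk already does on a failed recvmsg(), so the "not yet valid" state is always the same all-zero address.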
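Review bot: in the `@@ -206,14 +208,13 @@` hunk, replacing the stack-local `addr` with `&nl->peer` as `msg_name` turns the sender address into per-socket state that persists across calls. That is the intent, but it should be documented that two threads receiving on the same `struct mnl_socket` now race on `nl->peer`, and that the address reported is that of the most recent receive on this socket, not of any particular message the caller may still be parsing from an earlier buffer.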
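Review bot: in the `@@ -221,8 +222,10 @@` hunk, the new `memset(&nl->peer, 0, sizeof(nl->peer));` covers only the `ret == -1` path, but the `MSG_TRUNC` branch immediately below also sets `errno = ENOSPC` and fails the call while leaving `nl->peer` holding the sender of the truncated message. That contradicts the doc comment's "only valid after a successful call"; either clear `nl->peer` in the `MSG_TRUNC` path too, or state that the address reflects the last message received whether or not the call succeeded.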
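Review bot: in the `mnl_socket_peer_address` hunk, the doc comment lacks the `\param nl netlink socket obtained via mnl_socket_open()` and `\return` lines that the neighbouring `mnl_socket_close` comment uses, and it should spell out the security contract the cover note alludes to: the kernel's own netlink address is `nl_pid == 0`, and the all-zero address left behind by the failed-receive path also has `nl_pid == 0`. A caller that ignores the mnl_socket_recvfrom() return value and checks only `nl_pid` would therefore treat a failed receive as a message from the kernel; the comment should tell callers to check the return value (or `nl_family == AF_NETLINK`, which the zeroed address fails) before trusting the port id.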
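The patch's stated use case is to let a receiver decide whether a message really came from the kernel by looking at the sender address that recvmsg() fills in, instead of the nlmsg_pid field inside the message, which any sender controls. The following is an added example, not part of the patch or of libmnl, showing that check written against raw netlink sockets so it builds without the patched library. `sender_is_kernel()`, `recv_with_peer()` and `sender_is_kernel_sample()` are names chosen here; the only facts assumed are that the kernel's netlink address has `nl_pid == 0` and `nl_family == AF_NETLINK`, and that a zeroed `struct sockaddr_nl` has neither. The main() performs a live RTM_GETLINK request on NETLINK_ROUTE to exercise the path end to end.

```c
/* Added example (not libmnl code): validate the kernel-supplied sender
 * address of a netlink message before treating it as a kernel message. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

/* True only if the address recvmsg() reported is the kernel's own.
 * Three guards keep an address that was never filled in from passing:
 * the kernel must have written a full sockaddr_nl (namelen), the family
 * must be AF_NETLINK (an all-zero struct, e.g. after a failed receive,
 * has family 0), and the port id must be 0, the kernel's port. */
bool sender_is_kernel(const struct sockaddr_nl *peer, socklen_t namelen)
{
    if (peer == NULL || namelen < sizeof(*peer))
        return false;
    if (peer->nl_family != AF_NETLINK)
        return false;
    return peer->nl_pid == 0;
}

/* Constructed-input helper so the check can be exercised without a socket. */
bool sender_is_kernel_sample(unsigned short family, unsigned int pid,
                             socklen_t namelen)
{
    struct sockaddr_nl sa;
    memset(&sa, 0, sizeof(sa));
    sa.nl_family = family;
    sa.nl_pid = pid;
    return sender_is_kernel(&sa, namelen);
}

/* Receive one message and record its sender the way the patch does, but in
 * caller-owned storage. On any failure (including a truncated message) the
 * address is zeroed so sender_is_kernel() rejects it. Returns bytes or -1. */
ssize_t recv_with_peer(int fd, void *buf, size_t len,
                       struct sockaddr_nl *peer, socklen_t *namelen)
{
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg = {
        .msg_name = peer,
        .msg_namelen = sizeof(*peer),
        .msg_iov = &iov,
        .msg_iovlen = 1,
    };
    ssize_t ret = recvmsg(fd, &msg, 0);
    if (ret < 0 || (msg.msg_flags & MSG_TRUNC)) {
        memset(peer, 0, sizeof(*peer));
        *namelen = 0;
        if (ret >= 0)
            errno = ENOSPC;     /* same errno libmnl uses for truncation */
        return -1;
    }
    *namelen = msg.msg_namelen; /* how much of the address the kernel wrote */
    return ret;
}

int main(void)
{
    /* Live demonstration: ask NETLINK_ROUTE for the link list and confirm
     * the reply's sender is the kernel. Needs a Linux host. */
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (fd < 0) { perror("socket"); return 1; }

    struct { struct nlmsghdr nlh; struct rtgenmsg gen; } req = {
        .nlh = {
            .nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg)),
            .nlmsg_type = RTM_GETLINK,
            .nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP,
            .nlmsg_seq = 1,
        },
        .gen = { .rtgen_family = AF_UNSPEC },
    };
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK }; /* pid 0 */
    if (sendto(fd, &req, req.nlh.nlmsg_len, 0,
               (struct sockaddr *)&kernel, sizeof(kernel)) < 0) {
        perror("sendto"); close(fd); return 1;
    }

    char buf[8192];
    struct sockaddr_nl peer;
    socklen_t namelen;
    ssize_t n = recv_with_peer(fd, buf, sizeof(buf), &peer, &namelen);
    if (n < 0) { perror("recvmsg"); close(fd); return 1; }
    printf("received %zd bytes, sender port %u, from kernel: %s\n",
           n, peer.nl_pid, sender_is_kernel(&peer, namelen) ? "yes" : "no");
    close(fd);
    return 0;
}
```

The point of the family and length checks is the ambiguity the patch's error path creates: a zeroed address and the kernel's address share `nl_pid == 0`, so a receiver that looks only at the port id can be fooled by its own failed receive. Checking the call's return value first, and `nl_family` as a second line of defence, removes that ambiguity.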