Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp913278ybi; Fri, 21 Jun 2019 10:15:09 -0700 (PDT) X-Google-Smtp-Source: APXvYqxoHd+BZhqe/67udtaa/FU9+N8y9nypioxqLBqj4lBfSRHNWquosKwoK4+2jCCOHqcrnmnN X-Received: by 2002:a63:a61:: with SMTP id z33mr1437127pgk.154.1561137309111; Fri, 21 Jun 2019 10:15:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561137309; cv=none; d=google.com; s=arc-20160816; b=R8eBmjtEMcRm7bgAQWTPVRRUJFHPr9dmaXykYClkczQV4DgW5XXNDIWI4QWd39cRlA DffDcDDUDjyzgzFXsc28bwDhzLH7KTV/aIYOxLIorHXRR9g4BhQu4My0+HTU4MFdEA5x DQ+23ZCdUtx+vPgx0zCmPBT66of4tgP6Io1idkXemhPziakZ3cTz22bCT9p/6Z/9bNhQ iRxQU7gd8nDI8S+s0MV7ktC/JSus7aBs5cZtAuS9Tp+WLaHms0YE8eIP5/x9kBb8dVqs MFvFPSc33DKRWQIeamgNtHgqEIwC0FklD0cKLI9m8ymOSH0nOwqoIfVN+paG7MGmhljU kqtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=Ts6bDWGram+dVfsUFCHCTCLS3nqJnHBiIMFNifP063M=; b=Mb+absw6+8XBU0ilRVPYbeKUYjGvQR/V+ZJH+e1uSyc/UP4bcYSbgi+99IPyDKwzvX nS1nnbMIEEpJpPxqx6ZhXTv4uFn3y28FPXDRa9QiujJonax+te6BvXN8u17Uc/c9OoJv Bhu/JjMt2Am9+HiDZpMvRYdhWfYHuLtK4GsO5Z1WHA5Et8igSsxPpEIVveC2bbXstUDY QXmZOmTFp0rCTIpgWDJCyfiQbGFicTUbziduEQm/O1Eul0gNF5JgAUNt1Ca5bxQYmxUp QZUIXBJur6SJlAWu5NawzsDgqHZL10IDyQHbNvxFGJtYG0Eu+WxoyFbw7lFkjO1vYm6H rwZw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="bMd2oW/4"; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r20si2968222pls.389.2019.06.21.10.14.40; Fri, 21 Jun 2019 10:15:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="bMd2oW/4"; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726254AbfFUROC (ORCPT + 99 others); Fri, 21 Jun 2019 13:14:02 -0400 Received: from mail-io1-f68.google.com ([209.85.166.68]:41959 "EHLO mail-io1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726002AbfFUROC (ORCPT ); Fri, 21 Jun 2019 13:14:02 -0400 Received: by mail-io1-f68.google.com with SMTP id w25so34099ioc.8 for ; Fri, 21 Jun 2019 10:14:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=Ts6bDWGram+dVfsUFCHCTCLS3nqJnHBiIMFNifP063M=; b=bMd2oW/4Xf416oCSmZ5iG2bphyyMHe+FyDaIi0IGclqbBGQ4AkcguMQROXDWyitk+e rBrLhSDxq8WWuVIen9sEC3UE56BCAYNwVSBC8a4Ttr8nTrzi383IA9oLLYpRZzow1uFU 6kSQ8H7KsSbT6OoPoJ/jW4HxGXd5qdMwt8QfP5Y+UoIWiJ7M301NRI+8GLjAy6UVGF2K IKQRKKrZMxuMuAAVexKBbABU2uKz0cLRCtjXLNMWgKpAiXKyCZV1oH+BLAOFZ7QwKMhO cPcls5TX9JtofHlywjofnYSsaP5BVO7wOLUT0wFw+brP7tXVALK9tQtJSsAQJmGA+Ap/ 4xEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=Ts6bDWGram+dVfsUFCHCTCLS3nqJnHBiIMFNifP063M=; b=CM3rUtUXKTGwgWyPTKZjlWbrQF/dQyx4gX3WxkkitMv5L93UMrcOMXbNib2TujG85s +aysYCARBrvN97syVJsyv0SxMJgVkF92JJ8elFszlBPi357FOjvALfZYgMEeLQ9n4Kgk /3fXA9YHfNz4n+5NQ996K+9zPCyf0UHxUqwaSUdpQruB9V1bZsuewpme/u4nukR0rDyR +PWp8v9H77ptouXVyMgz3ROTpUo1d/k73t27Zgj25zKBHQ1mNH90HqoH0Bg72jk0QQHO l7Zaqm9S0t2/EiM8O1SEI+b9WXsP3pWVZXK5LHFXJWSKi8UfSkKGkzZkSWyOWIR1wNmx Dy2g== X-Gm-Message-State: APjAAAU2++p1jB7jIrte5TJnRH9qx55WWELd5lOYvGTyIV2/AzAvDpZ/ J1sOTiqSCVRsjX5nrSIzFtSvChrS X-Received: by 2002:a5e:9314:: with SMTP id k20mr14645024iom.235.1561137242964; Fri, 21 Jun 2019 10:14:02 -0700 (PDT) Received: from new-host-2.home ([2605:a601:808:1001:37ba:4f0a:192f:f945]) by smtp.googlemail.com with ESMTPSA id l2sm2550807ioh.20.2019.06.21.10.14.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Jun 2019 10:14:02 -0700 (PDT) Subject: Re: [PATCH v2 2/3] nl80211: Limit certain commands to interface owner To: Arend Van Spriel , Johannes Berg Cc: linux-wireless@vger.kernel.org References: <20190620220749.10071-1-denkenz@gmail.com> <20190620220749.10071-2-denkenz@gmail.com> <11852f40-67e5-9122-7d82-077bdd0b014a@broadcom.com> From: Denis Kenzior Message-ID: Date: Fri, 21 Jun 2019 12:14:01 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <11852f40-67e5-9122-7d82-077bdd0b014a@broadcom.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Hi Arend, On 06/21/2019 03:09 AM, Arend Van Spriel wrote: > On 6/21/2019 12:07 AM, Denis Kenzior wrote: >> If the wdev object has been created (via NEW_INTERFACE) with >> SOCKET_OWNER attribute set, then limit certain commands only to the >> process that created that wdev. >> >> This can be used to make sure no other process on the system interferes >> by sending unwanted scans, action frames or any other funny business. > > The flag is a good addition opposed to having handlers deal with it. > However, earlier motivation for SOCKET_OWNER use was about netlink > multicast being unreliable, which I can agree to. However, avoiding ??? I can't agree to that as I have no idea what you're talking about :) Explain? SOCKET_OWNER was introduced mainly to bring down links / scans / whatever in case the initiating process died. As a side effect it also helped in the beginning when users ran iwd + wpa_s simultaneously (by accident) and all sorts of fun ensued. We then re-used SOCKET_OWNER for running EAPoL over NL80211. But 'multicast unreliability' was never an issue that I recall? > "funny business" is a different thing. Our testing infrastructure is > doing all kind of funny business. Guess we will need to refrain from So you're going behind the managing daemon's back and messing with the kernel state... I guess the question is why? But really, if wpa_s wants to tolerate that, that is their problem :) iwd doesn't want to, nor do we want to deal with the various race conditions and corner cases associated with that. Life is hard as it is ;) > using any user-space wireless tools that use the SOCKET_OWNER attribute, > but how do we know? Somehow I suspect iwd is one to avoid ;-) I have yet I guess you will be avoiding wpa_s since that one uses SOCKET_OWNER too ;) > to give iwd a spin, but this SOCKET_OWNER strategy kept me from it. > Maybe iwd could have a developer option which disables the use of the > SOCKET_OWNER attribute. Okay? Not sure what you're trying to say here? I'd interpret this as "You guys suck. I'm taking my ball and going home?" but I hope this isn't what you're saying? Regards, -Denis