On 21.05.2016 00:37, Tom Herbert wrote: > Hi, > > In ipv6_sockglue.c I noticed: > > /* hop-by-hop / destination options are privileged option */ > retv = -EPERM; > if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) > break; > > Can anyone provide that rationale as to why these are privileged ops?
There are some options inherently protocol depending like the jumbo payload option, which should be under control of the kernel, or the router alert option for igmp, which causes packets to be steered towards the slow/software path of routers, which can be used for DoS attacks. Setting CALIPSO options in IPv6 on packets as users would defeat the whole CALIPSO model, etc. The RFC3542 requires at least some of the options in dst/hop-by-hop extensions to be only be settable by privileged users. More fine-grained parsing and setting of those options has never been implemented. AFAIK people worried about the parsing overhead and thus decided to block it for ordinary users. Bye, Hannes
