summaryrefslogtreecommitdiffstats
path: root/Documentation/sysctl
diff options
context:
space:
mode:
authorWillem de Bruijn <willemb@google.com>2015-01-30 13:29:32 -0500
committerDavid S. Miller <davem@davemloft.net>2015-02-02 18:46:51 -0800
commitb245be1f4db1a0394e4b6eb66059814b46670ac3 (patch)
treee9e4e746bcb24db72ae5a947c7001bab21211a8e /Documentation/sysctl
parent49ca0d8bfaf3bc46d5eef60ce67b00eb195bd392 (diff)
downloadlinux-b245be1f4db1a0394e4b6eb66059814b46670ac3.tar.bz2
net-timestamp: no-payload only sysctl
Tx timestamps are looped onto the error queue on top of an skb. This mechanism leaks packet headers to processes unless the no-payload options SOF_TIMESTAMPING_OPT_TSONLY is set. Add a sysctl that optionally drops looped timestamp with data. This only affects processes without CAP_NET_RAW. The policy is checked when timestamps are generated in the stack. It is possible for timestamps with data to be reported after the sysctl is set, if these were queued internally earlier. No vulnerability is immediately known that exploits knowledge gleaned from packet headers, but it may still be preferable to allow administrators to lock down this path at the cost of possible breakage of legacy applications. Signed-off-by: Willem de Bruijn <willemb@google.com> ---- Changes (v1 -> v2) - test socket CAP_NET_RAW instead of capable(CAP_NET_RAW) (rfc -> v1) - document the sysctl in Documentation/sysctl/net.txt - fix access control race: read .._OPT_TSONLY only once, use same value for permission check and skb generation. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'Documentation/sysctl')
-rw-r--r--Documentation/sysctl/net.txt8
1 files changed, 8 insertions, 0 deletions
diff --git a/Documentation/sysctl/net.txt b/Documentation/sysctl/net.txt
index 666594b43cff..6294b5186ae5 100644
--- a/Documentation/sysctl/net.txt
+++ b/Documentation/sysctl/net.txt
@@ -97,6 +97,14 @@ rmem_max
The maximum receive socket buffer size in bytes.
+tstamp_allow_data
+-----------------
+Allow processes to receive tx timestamps looped together with the original
+packet contents. If disabled, transmit timestamp requests from unprivileged
+processes are dropped unless socket option SOF_TIMESTAMPING_OPT_TSONLY is set.
+Default: 1 (on)
+
+
wmem_default
------------