From: Sebastian Moeller
Date: Fri, 14 Apr 2023 08:08:32 +0200
To: Dave Täht
Cc: cerowrt-devel, bloat
Message-Id: <9232C347-0DAD-478E-AA98-9BFFEDCB5773@gmx.de>
Subject: Re: [Cerowrt-devel] can bus attack
List-Id: Development issues regarding the cerowrt test router project

Hi Dave,

> On Apr 14, 2023, at 06:04, Dave Taht via Cerowrt-devel wrote:
>
> The biggest bug with the early fq_codel deployment was that it dropped
> from head and fq'd which led to the prospect of messages sent out of
> order on the can protocol, which was not designed for that..

[SM] How did CAN react to this bug? Fixing its design or simply requiring in-order-delivery?

> After
> much thought, we ended up overriding the default fq_codel qdisc, for a
> fifo, for the can bus devices, but there were a few years there where
> fq_codel was the default for can, in openwrt, which sometimes keeps me
> awake at night.

[SM] How many critical CAN bus implementations actually use OpenWrt?
I thought CAN is big in automobiles, so if any of those use OpenWrt that would be interesting news ;)

> This set of security bugs is bigger and essentially a message flood
> attack on a FIFO, making it possible to steal a car via accessing the
> headlamp, using a 10 dollar adaptor. Fascinating reading.
>
> https://kentindell.github.io/2023/04/03/can-injection/

[SM] It appears automobile designers assumed a non-adversarial environment, which is odd given that 3rd party diagnostic dongles that interface with the car network/bus have been a thing for years.

I guess the good thing is that we do have some well-tested techniques to harden such a design (that are unlikely to be retrofittable into existing cars, assuming that vendors actually still care about older models anyway).

Regards
Sebastian

> --
> AMA March 31: https://www.broadband.io/c/broadband-grant-events/dave-taht
> Dave Täht CEO, TekLibre, LLC