| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Jan 2007 12:16:59 -0500 From: Vlad Yasevich <vladislav.yasevich@...com> To: Neil Horman <nhorman@...driver.com> Cc: Sridhar Samudrala <sri@...ibm.com>, YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@...ux-ipv6.org>, davem@...emloft.net, kuznet@....inr.ac.ru, pekkas@...core.fi, jmorris@...ei.org, kaber@...eworks.de, netdev@...r.kernel.org Subject: Re: [PATCH] IPv6: Implement RFC 4429 Optimistic Duplicate Address Detection Neil Horman wrote: > On Wed, Jan 24, 2007 at 05:54:47PM -0800, Sridhar Samudrala wrote: >> Sec 2.1 of RFC 4429 says >> >> Unless noted otherwise, components of the IPv6 protocol stack should >> treat addresses in the Optimistic state equivalently to those in the >> Deprecated state, indicating that the address is available for use >> but should not be used if another suitable address is available. For >> example, Default Address Selection [RFC3484] uses the address state >> to decide which source address to use for an outgoing packet. >> Implementations should treat an address in state Optimistic as if it >> were in state Deprecated. If address states are recorded as >> individual flags, this can easily be achieved by also setting >> 'Deprecated' when 'Optimistic' is set. >> >> So i think DEPRECATED flag also should be set when we mark an address >> as OPTIMISTIC so that we don't use it as source address for new >> connections if another address is available until DAD is completed. >> >> Thanks >> Sridhar >> > > Oh, good catch. Thank you Sri. However, I'm worried about the next paragraph: > > It is important to note that the address lifetime rules of [RFC2462] > still apply, and so an address may be Deprecated as well as > Optimistic. When DAD completes without incident, the address becomes > either a Preferred or a Deprecated address, as per RFC 2462 > > Given that, it seems to me that addresses which are flagged as Deprecated may > enter and exit that state independently of the DAD process, which I think gives > rise to the possibility of a race. I.e. if an address becomes deprecated right > before DAD completes, and then addrconf_dad_complete clears the IFA_F_DEPRECATED > flag, that seems wrong. Instead I think it would be better if we tested for the > OPTIMISTIC flag in ipv6_dev_get_saddr in parallel with the DEPRECATED flag. I > may be wrong about this, but I'm going to err on the side of safety. If you can > ensure that this race is not possible. Please let me know, and I'll happily > just set the flag. I'll repost a new patch soon. I tend to agree with Neil here. Marking optimistic addresses as deprecated doesn't buy as much since the address can transition in and out of deprecated state regardless of DAD. However, there is a problem with the current implementation in that OPTIMISTIC address will never be chosen as source because it's always TENTATIVE and OPTIMISTIC at the same time. What needs to happen is for ipv6_dev_get_saddr() to not ignore OPTIMISTIC addresses and treat them same as DEPRECATED. -vlad - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists