lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Wed, 21 Feb 2007 10:04:47 -0500
From:	weidong <weid@...css.fujitsu.com>
To:	netdev@...r.kernel.org
Subject: Re: [Patch][IPv6] Fix wrong routing mechanism for Link Local IPv6
	packets

Hello, Mr yoshfuji:
    Thanks for your reply.
The following is the figure.
|--------------------------------------------|
|                                            | 
|                 Router                     | 
|                                            |    |-------|
|   |------|                   |------|      |    | other |
|   | eth0 |---                | eth1 |------|----|network|
|   |------|  |                |------|      |    |-------|
|------|------|--------------------|---------|
       |      v                    | 
       | fe80::20c:29ff:fe24:fa0a  | 
       |                           | 
       |                           | 
       |                           | 
       |                           | 
       |                           | 
       |                           v 
       |               fe80::20c:29ff:fe24:fa14 
       |                           
       | 
|------|------| 
|  |------|   | 
|  | eth0 |---|--->fe80::200:ff:fe00:100 
|  |------|   | 
|             | 
|    Host     | 
|-------------| 

Host eth0: fe80::200:ff:fe00:100
Router eth0: fe80::20c:29ff:fe24:fa0a
Router eth1: fe80::20c:29ff:fe24:fa14

We ping6 from host's eth0 to Router's eth1. Echo Request's src addr =
fe80::200:ff:fe00:100, dst addr = fe80::20c:29ff:fe24:fa14. And Kernel
just send ICMPv6 redirect packet and then forward the Echo Request to
router's eth0. If we run tcpdump on Host eth0, we can receive the ICMPv6
Redirect packet. And if we send NA which advertises
fe80::20c:29ff:fe24:fa14 MAC address(this is very easy for v6eval tool),
we also can receive the forwarded Echo Request(src:fe80::200:ff:fe00:100
dst is fe80::20c:29ff:fe24:fa14). 

I dived into the kernel, and found that maybe function rt6_score_route()
has problems. In rt6_score_route(), if rt6_check_dev() return 0, and the
dst ipv6 addr is link local addr, rt6_socre_route() return -1 directly.
I think this is not correct, we should return -1 only if the entry is in
the route cache, and the dst addr is link local addr. Only entries in
cache may select wrong IPv6 Link Local NIC for a link local dst addr.
because they are copied from static IPv6 fib table entries.

> > Hello, Mr yoshfuji
> >     Take ping6 for example. Asumming there is a router which has 2 NICs.
> > eth0 on router has ipv6 addr fe80::20c:29ff:fe24:fa0a, eth1 on router has
> > ipv6 addr fe80::20c:29ff:fe24:fa14. Also there is a host connected to
> > router's eth0, and the host's ipv6 addr is fe80::200:ff:fe00:100. We ping6
> :
> 
> I still need more precise figure.
> 
> Please draw complete box for the 2-3 boxes (pinger, router (and the
> destination)), link(s) and interfaces.
> 
> +-------------+
> |    Router   |
> +---+-----+---+
> eth0|     |eth1
>     |     |
> eth0|
> +---+-+
> |Host1|
> +-----+
> 
> Host1  eth0: fe80:....
> Router eth0: fe80:....
> Router eth1: fe80:...
> 
> Or, something like that....
> 
> I think you may use other tool such as tgif etc.
> 
> --yoshfuji 
> 

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ