Open Source and information security mailing list archives
 
Date:	Thu, 14 Jun 2007 18:27:38 -0400
From:	"C. Scott Ananian" <cscott@...top.org>
To:	"David Woodhouse" <dwmw2@...radead.org>, marcelo@...ck.org,
	dcbw@...hat.com, netdev@...r.kernel.org, yoshfuji@...ux-ipv6.org,
	jjeong@...umn.edu
Subject: Handling IPv6 RDNSS in RA

[Re-sending an earlier email, this time with a wider distribution and
more details.]

I'd like to get opinions on how DNS information packaged with IPv6
Router Advertisement packages should be handled.  The OLPC project
(laptop.org) is currently planning to use this for DNS
autoconfiguration.  The draft RFC is at:
    http://tools.ietf.org/html/draft-jeong-dnsop-ipv6-dns-discovery-12
There is already code in radvd to support this.  [For reference, the
Router Advertisement (RA) option is called RDNSS, for 'Recursive DNS
Server'.]

Two alternatives seem obvious:
  1) Parse the RDNSS option in the kernel.  linux/net/ipv6/ndisc.c
already parses the other RAdv options; it just needs to be extended to
parse RDNSS and export the 'last seen DNS conf' in the same way it
does the Managed/Other flags at
     http://lxr.linux.no/source/net/ipv6/ndisc.c?v=2.6.20.1#L1115
[Incidentally, I suspect I can get at the Managed/Other flags via
netlink, but would appreciate advice.]

  2) Parse the RDNSS information entirely in userspace.  The
NetworkManager(1) daemon would keep a socket open to listen to all
ICMPv6 messages, reparse the RA, and deal with RDNSS information.
This has the disadvantage of requiring redundant tracking of RA
lifetimes, and would require NetworkManager to send (likely redundant)
Router Solicitation messages when/if the RDNSS information expires.

Option 2 seems like duplication of work, but arguably keeps the kernel
small.  Honestly, I'm surprised that IPv6 autoconfiguration is in the
kernel at all.  But since it's there already, option 1's making RDNSS'
3*(128/8) bytes available via netlink doesn't seem too terrible to me.
But if such a patch has no hope of being accepted into the mainline
kernel, I'd rather know now than later.

Also: are there other implementations which use the RA DNS info?
Maybe in fact someone has already written the necessary kernel patch?
I always prefer not to reinvent the wheel.
  --scott

-- 
                         ( http://cscott.net/ )