lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 17 Apr 2008 08:49:27 +0300
From:	"Ian Brown" <ianbrn@...il.com>
To:	"Brian Haley" <brian.haley@...com>
Cc:	"YOSHIFUJI Hideaki / 吉藤英明" 
	<yoshfuji@...ux-ipv6.org>, netdev@...r.kernel.org
Subject: Re: Why MLDv2 Report packet is freed ?

Hello,

First, I have multicast routing enabled:
/proc/sys/net/ipv6/conf/*/mc_forwarding is 1 and
CONFIG_IPV6_MROUTE=y when building the kernel.

Second, when MLDV2 report reaches ip6_mc_input(),
the ICMPv6 header has a type of ICMPV6_MLD2_REPORT; and it is a router
alert. This causes a call to ip6_input() and **not** ip6_mr_input().
This casue it to be handled by the ICMPv6 handler, which is icmpv6_rcv().
I am absolutely sure about it, as I added some printk() in these kernel methods.
I see that I reach the icmpv6_rcv() and the packet is dropped.
The sock_queue_rcv_skb() method in p6mr_cache_report() is NOT called
in this case -
simply because we don't get there, since ip6_mc_input() in this case
does **not**
call ip6_mr_input() ; it does call ip6_mr_input() in other cases.

Moreover, I added printing in the accept_mld6() method of the pim6sd
daemon, which is the
handler for these packets, and I do not get there.

Could it be that this is a bug ?

Any ideas ?

IB





On Wed, Apr 16, 2008 at 9:02 PM, Brian Haley <brian.haley@...com> wrote:
> Ian Brown wrote:
>  > Hello,
>  >
>  > I am sorry, I tried to delve into the code and I not sure I can figure out this
>  > point.
>  >> MLD packets are handled in other place.
>  >
>  > Can anybody please try to elaborate on this point: how
>  > are MLD packets handled ? Shouldn't MLD packets be
>  > handled by pim6sd daemon?
>
>  Yes.
>
>
>  > I see handlers for accepting MLD (v1 and v2)
>  > in pim6sd daemon;
>  > And in case MLD packets  should be handled by pim6sd  - shouldn't the kernel
>  > pass these MLD packets to the pim6sd daemon (by calling sock_queue_rcv_skb()
>  > in ip6mr.c) ? As far as I can understand, these MLD packets are
>  > dropped in icmpv6_rcv()
>
>  From what I can tell, ip6_mc_input() makes a copy if multicast routing
>  is enabled.  Those copies eventually get to ip6mr_cache_report() which
>  delivers them to user-space (there's even a reference to pim6sd in
>  net/ipv6/ip6mr.c).
>
>  Have you seen them not get delivered?
>
>  -Brian
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists