Date:	Tue, 14 Oct 2008 12:06:20 +0100
From:	Pedro Ribeiro <pribeiro-bulk@....ipl.pt>
To:	netdev@...r.kernel.org
Subject: [PATCH] Structure icmp6hdr (IPv6/ICMPv6) with bug in the bitfields!

First, let me say sorry for the long text; I think it is needed for
context.

My name is Pedro Ribeiro and I’m the operations coordinator at
IPLNet, a network that interconnects all the schools belonging to the
Polytechnic Institute of Lisbon (IPL) and in addition I’m also a
teacher of network engineering at ISEL (a local university).

In the majority of the network segments of our infrastructure, we
have dual stack connectivity with IPv4/IPv6. In the last months, we
have upgraded most of the infrastructure, especially targeting IPv6
performance, leaving most of the segments with an “old/slow router” and
a “new/fast” router as possible default gateways.
In the course of validating the changes, we have done some tests with
IPv6 and some of them were really disappointing with no gains at all.

While investigating the cause of that, I have seen that our main
Linux servers were using the “wrong” default gateway, the “old/slow”
one. This behaviour is inconsistent with the configuration of the
routers; the “new/fast” is sending the router advertisements
announcing itself as default gateway with MEDIUM (default) preference
and the “old/slow” announcing itself as LOW preference.

Deep analysis of the Linux sources revealed that the value of
“pref” passed to rt6_add_dflt_router(...) in the file net/ipv6/route.c
isn’t consistent with the one sent by the routers and observed with
Wireshark. Seeking the roots of the problem, I’ve detected a bug in the
definitions of the bitfield that includes the router preference in the
router advertisement message, which results in retrieving the
wrong bits from the structure defined in “include/linux/icmpv6.h”. The
struct is the base one from ICMPv6 (icmp6hdr) and was lacking the bit
field “home_agent” between “router_pref” and “other”, and the reserved
bits are only 3, not 4 as in the structure (according to RFC4191).

A “diff” follows with the changes I’ve made to correct this problem
(I’ve made it against kernel 2.6.23, but I’ve confirmed that the
problem still exists in 2.6.25):

--- /usr/src/linux-2.6.23-gentoo-r9orig/include/linux/icmpv6.h      2007-10-09 21:31:38.000000000 +0100
+++ /usr/src/linux-2.6.23-gentoo-r9/include/linux/icmpv6.h      2008-10-13 17:42:56.000000000 +0100
@@ -40,16 +40,18 @@
                 struct icmpv6_nd_ra {
                        __u8            hop_limit;
 #if defined(__LITTLE_ENDIAN_BITFIELD)
-                       __u8            reserved:4,
+                       __u8            reserved:3,
                                        router_pref:2,
+                                       home_agent:1,
                                        other:1,
                                        managed:1;
 
 #elif defined(__BIG_ENDIAN_BITFIELD)
                        __u8            managed:1,
                                        other:1,
+                                       home_agent:1,
                                        router_pref:2,
-                                       reserved:4;
+                                       reserved:3;
 #else
 #error "Please fix <asm/byteorder.h>"
 #endif
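
Review bot: the new home_agent:1 field in both endian branches carries no comment saying which flag it maps to, and nothing in the hunk lets a reader check the two branches against the wire format; add a one-line comment above the bitfield giving the on-wire order (managed, other, home_agent, router_pref, reserved) and the RFC 4191 reference the message cites, so the little-endian and big-endian lists can be verified as mirror images. The diff headers also use absolute /usr/src/linux-2.6.23-gentoo-r9 paths, so the patch will not apply with -p1 from a tree root; regenerate it relative to the kernel source root against a current tree, since the message says the problem is still present in 2.6.25.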

Even after this fix, the problem of deterministic and preference-aware
default route selection remains. I have not figured out until now
how the preference affects the selection; maybe it is a missing
feature.

I am sorry to say it (I am not a Windows fan), but the behaviour
observed in Windows Vista is in this matter consistent with the one I
was expecting from the reading of the RFCs.

Developers in this area, please clarify this subject for me: is the
preference present in the RAs supposed to influence the decision?
In addition, what is the criterion for selecting the default route in
the presence of multiple candidates with the same preference?
Best Regards to all the Linux community!

-- 
Best regards,

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Pedro Ribeiro
IPLNet - Rede de dados e comunicações
Instituto Politécnico de Lisboa (IPL)
Mail: mailto:pribeiro AT net.ipl.pt
VoIP: sip:pribeiro AT net.ipl.pt
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
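
Added example, not part of the original post or of the kernel source: a portable shift-and-mask model of the RA flags octet that shows which bits the pre-patch and patched bitfield layouts hand back as router_pref. The function names are hypothetical, and the M, O and H flags of the two routers from the report are assumed to be 0, since the message does not state them.

```c
#include <stdint.h>
#include <stdio.h>

/* RFC 4191 Prf encodings (2-bit field). */
enum { PREF_MEDIUM = 0x0, PREF_HIGH = 0x1, PREF_RESERVED = 0x2, PREF_LOW = 0x3 };

/* Flags octet as sent on the wire, MSB first: M O H Prf(2) Resvd(3). */
static uint8_t ra_flags(int m, int o, int h, int prf)
{
    return (uint8_t)(((m & 1) << 7) | ((o & 1) << 6) |
                     ((h & 1) << 5) | ((prf & 3) << 3));
}

/* Pre-patch layout: reserved:4, router_pref:2 -> bits 5..4,
 * i.e. the H flag plus only the top bit of Prf. */
static int pref_old_layout(uint8_t flags) { return (flags >> 4) & 0x3; }

/* Patched layout: reserved:3, router_pref:2 -> bits 4..3, the real Prf. */
static int pref_fixed_layout(uint8_t flags) { return (flags >> 3) & 0x3; }

static const char *pref_name(int p)
{
    switch (p) {
    case PREF_MEDIUM: return "MEDIUM";
    case PREF_HIGH:   return "HIGH";
    case PREF_LOW:    return "LOW";
    default:          return "RESERVED";
    }
}

int main(void)
{
    /* Constructed sample RAs; M/O/H values are assumptions. */
    struct { const char *router; uint8_t flags; } ras[] = {
        { "new/fast, sends MEDIUM", ra_flags(0, 0, 0, PREF_MEDIUM) },
        { "old/slow, sends LOW",    ra_flags(0, 0, 0, PREF_LOW)    },
        { "H=1, sends HIGH",        ra_flags(0, 0, 1, PREF_HIGH)   },
    };
    for (size_t i = 0; i < sizeof(ras) / sizeof(ras[0]); i++)
        printf("%-24s flags=0x%02x old=%-8s fixed=%s\n", ras[i].router,
               ras[i].flags, pref_name(pref_old_layout(ras[i].flags)),
               pref_name(pref_fixed_layout(ras[i].flags)));
    return 0;
}
```

Under these assumptions the pre-patch layout reads a LOW advertisement as HIGH while MEDIUM stays MEDIUM, so the misread value ranks the LOW router above the MEDIUM one.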
