lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 18 Oct 2009 00:30:30 -0700
From:	Maciej Żenczykowski <zenczykowski@...il.com>
To:	Linux Networking <netdev@...r.kernel.org>,
	YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
Subject: Question about IPV6 forwarding and proxy_ndp

I would like to have a machine:

* do IPv6 forwarding
- thus "echo 1 > /proc/sys/net/ipv6/conf/all/forwarding"

* accept router advertisements and default route from eth0
- thus "echo 0 > /proc/sys/net/ipv6/conf/eth0/forwarding"

* do proxy NDP on eth0 for a specific v6 address
- thus "echo 1 > /proc/sys/net/ipv6/conf/eth0/proxy_ndp"
- and "ip -6 neigh add proxy ${PROXIED_V6_IP} dev eth0"

Problem is, this doesn't work (no ndp responses for the proxied v6 ip)...
While, if I "echo 1 > /proc/sys/net/ipv6/conf/eth0/forwarding" than
proxy ndp starts working, but I lose my default route...

I think the problem is at:

http://lxr.linux.no/linux+v2.6.31/net/ipv6/ndisc.c#L832

 831                if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
 832                    (idev->cnf.forwarding &&
 833                     (net->ipv6.devconf_all->proxy_ndp ||
idev->cnf.proxy_ndp) &&
 834                     (is_router = pndisc_is_router(&msg->target,
dev)) >= 0)) {
 835                        if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
 836                            skb->pkt_type != PACKET_HOST &&
 837                            inc != 0 &&
 838                            idev->nd_parms->proxy_delay != 0) {

notice that we require idev->cnf.forwarding to be true.

Should this perhaps be changed to
    (net->ipv6.devconf_all->forwarding || idev->cnf.forwarding)

or even just
    net->ipv6.devconf_all->forwarding
?

It's not clear to me what the reasoning behind that if statement is...

- Maciej
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ