lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 12 Aug 2010 19:00:57 -0500
From:	Steve Chen <schen@...sta.com>
To:	Brian Haley <brian.haley@...com>
Cc:	usagi-users-ctl@...linux-ipv6.org, netdev@...r.kernel.org
Subject: Re: TAHI CN-6-4-1 failed on Linux 2.6.32 kernel

On Thu, Aug 12, 2010 at 6:04 PM, Steve Chen <schen@...sta.com> wrote:
> On Thu, Aug 12, 2010 at 4:10 PM, Brian Haley <brian.haley@...com> wrote:
>> Hi Steve,
>>
>> On 07/28/2010 11:20 PM, Steve Chen wrote:
>>> Hello,
>>>
>>> The TAHI correspondent node tests CN-6-4-1 (Processing in upper layer
>>> - Echo Checksum) failed for me in the 2.6.32 kernel.  It appears that
>>> the Linux kernel is replying the ICMP echo request in
>>> icmpv6_echo_reply without much checking.  Is this an intentional
>>> non-conformance to RFC3775 section 9.3.1?
>>
>> Sorry for the late reply.  I've run these tests in the past against
>> SLES11 (2.6.27 ?) back in January 2009 and this one passed from looking
>> at my logs.  I don't have that system around anymore to check the config,
>> etc.  I didn't see any obvious commit that would have broken it from a
>> quick look, do you have a test setup to do some debugging?  It will
>> take a little time for me to re-configure mine to run this test.
>
> Brian,
>
> I'm using mip6d from git://www.umip.org/git/umip.git commit id
> d1c240f3deb690af902ce1ff128780551ff6141c.  Is that the correct version
> to use?  Looking at the kernel code again, the checksum error should
> have been caught in icmpv6_rcv.  There are probably something wrong
> with my setup.  I'll dig around a bit more.
>
> Tests 5-3-1 to 5-3-6 also failed for me.   Did they pass for you?

By the way, these tests passed for me with the following patch.
Please let me know what you think.

Thanks

Steve

View attachment "h_bit_check.patch" of type "text/x-patch" (592 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ