lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 17 Oct 2011 11:26:39 +0900
From:	Lorenzo Colitti <lorenzo@...gle.com>
To:	Brian Haley <brian.haley@...com>
Cc:	maze@...gle.com, yoshfuji@...ux-ipv6.org, netdev@...r.kernel.org
Subject: Re: [PATCH] net: ipv6: Allow netlink to set IPv6 address scope

On Mon, Oct 17, 2011 at 09:45, Brian Haley <brian.haley@...com> wrote:
>
> I think this goes against the intent of RFC 3879 (Deprecating Site Local
> Addresses), and it assumes that the user has some knowledge of the network
> topology.  When we send something out the carrier interface, we don't know why
> it didn't make it to it's final destination - firewall, network link down,
> congestion - we might not get the ICMP reason back.

Absolutely yes, this assumes that the user has knowledge of network
topology. But
we already know that, because in order for this code to be exercised,
the user must
have explicitly specified a non-global scope in the code that he ran
(or in the "ip
addr add" command that he executed). The only difference with this patch is that
the kernel does what the user asked for instead of making its own decision.

The way things would work in this scenario is that whatever userspace
code creates
the IPv6 address on the carrier interface would create it with
site-local scope. That
code knows perfectly well that the interface should not be used when
connecting to
globally scoped addresses and would tell the kernel not to use it. The kernel
currently refuses to do so because it thinks it knows better, but
since it doesn't, the
user's connections hang. I don't think this is a good idea.

RFC 3879 deprecated site-local addresses because the were non-unique and thus
ambiguous, and if they leak, they cause problems. This is not an issue
in the use
case I presented, because the addresses are syntactically global
addresses - they
just don't have global reachability.

> The MIF problem statement (in the RFC editor's queue) talks about this problem,
> http://tools.ietf.org/html/draft-ietf-mif-problem-statement-15 - perhaps it's
> better to work there to develop a more generic solution (using DHCPv6, RA
> options, etc) before making this change?

I don't think it's a good idea. Waiting for an IETF working group to
produce a standard
when it doesn't even have a problem statement finalized could take years.

Is there another reason why we shouldn't enable userspace to do what it wants?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ