Date:	Fri, 4 Nov 2011 07:46:28 -0700 (PDT)
From:	François-Xavier Le Bail <fx.lebail@...oo.com>
To:	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: [RFC] The Linux kernel IPv6 stack doesn't follow the RFC 4942 recommendation

Hi,

I did some tests on a Linux 3.0 kernel with IPv6 forwarding mode enabled.

When I ping (ICMPv6 echo request) one of its Subnet-Router anycast addresses
(SRAA, http://tools.ietf.org/html/rfc4291#section-2.6.1),
the Linux kernel replies with a unicast source address, not the anycast one.

When I send an IPv6 UDP packet to a server on Linux on one of its SRAAs,
the Linux kernel builds a reply with a unicast source address, not the anycast one.

RFC 4942 states (http://tools.ietf.org/html/rfc4942#section-2.1.6):
2.1.6. Anycast Traffic Identification and Security
[. . .]
   To avoid exposing knowledge about the internal structure of the
   network, it is recommended that anycast servers now take advantage of
   the ability to return responses with the anycast address as the
   source address if possible.

Also, if the source address of the reply differs from the destination address of the request, many applications are broken.
Please let me know your feedback.


Thanks,
Francois-Xavier Le Bail
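The behaviour reported above, as an added audit helper that is not part of the original message or of the kernel: it derives the Subnet-Router anycast address of a prefix per RFC 4291 2.6.1, flags request/reply pairs (for instance taken from a capture) where a request to an SRAA was answered from a different source address, and offers a live UDP probe. The sample pairs and the 2001:db8::/32 prefix are constructed for illustration.

```python
"""Check whether replies to a Subnet-Router anycast address keep it as their source."""
import ipaddress
import socket


def subnet_router_anycast(prefix: str) -> ipaddress.IPv6Address:
    """RFC 4291 2.6.1: the SRAA is the subnet prefix with an all-zero interface ID."""
    return ipaddress.IPv6Network(prefix, strict=False).network_address


def is_subnet_router_anycast(addr: str, prefixlen: int = 64) -> bool:
    """True if every interface-ID bit (below prefixlen) of addr is zero."""
    iface_bits = 128 - prefixlen
    return int(ipaddress.IPv6Address(addr)) & ((1 << iface_bits) - 1) == 0


def source_mismatch(request_dst: str, reply_src: str) -> bool:
    """True when the reply does not come back from the address the request targeted."""
    return ipaddress.IPv6Address(request_dst) != ipaddress.IPv6Address(reply_src)


def find_anycast_mismatches(exchanges, prefixlen: int = 64):
    """Keep (request_dst, reply_src) pairs where an SRAA request was answered from
    another address; a connect()ed UDP client would silently drop such replies."""
    return [(dst, src) for dst, src in exchanges
            if is_subnet_router_anycast(dst, prefixlen) and source_mismatch(dst, src)]


def probe_udp(dst: str, port: int, timeout: float = 2.0):
    """Live check (needs network): send one UDP datagram to dst and report the
    reply source; returns None if nothing comes back within the timeout."""
    with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(b"probe", (dst, port))
        try:
            _, addr = sock.recvfrom(65535)
        except socket.timeout:
            return None
    return addr[0], source_mismatch(dst, addr[0])


# Constructed sample exchanges using the documentation prefix 2001:db8::/32.
SAMPLE_EXCHANGES = [
    ("2001:db8:1:2::", "2001:db8:1:2::1"),   # SRAA answered from a unicast address
    ("2001:db8:1:2::", "2001:db8:1:2::"),    # SRAA answered from the SRAA itself
    ("2001:db8:1:2::1", "2001:db8:1:2::1"),  # plain unicast exchange, not of interest
]

if __name__ == "__main__":
    for dst, src in find_anycast_mismatches(SAMPLE_EXCHANGES):
        print(f"request to SRAA {dst} answered from {src}")
```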