| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Dec 2011 15:31:58 -0600
From: Shawn Bohrer <sbohrer@...advisors.com>
To: netdev@...r.kernel.org
Subject: TTL=0 multicast packets leaving host
We've got some machines where we've noticed that in some cases TTL=0
multicast traffic was leaving the host. It appear that ip_mc_output()
does the correct check with:
...
/* Multicasts with ttl 0 must not go beyond the host */
if (ip_hdr(skb)->ttl == 0) {
kfree_skb(skb);
return 0;
}
...
The problem is that in __mkroute_output() it checks if the local
computer is a member of the multicast group, and if not clears
RTCF_LOCAL
...
if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
fl4->flowi4_proto))
flags &= ~RTCF_LOCAL;
...
And if RTCF_LOCAL is _not_ set then ip_output() is used instead of
ip_mc_output()
...
if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
rth->rt_spec_dst = fl4->saddr;
if (flags & RTCF_LOCAL &&
!(dev_out->flags & IFF_LOOPBACK)) {
rth->dst.output = ip_mc_output;
RT_CACHE_STAT_INC(out_slow_mc);
}
...
This looks like a bug to me. I'd assume that if the local computer
has not joined the multicast group and I send a TTL=0 packet that it
would simply get discarded.
--
Shawn
---------------------------------------------------------------
This email, along with any attachments, is confidential. If you
believe you received this message in error, please contact the
sender immediately and delete all copies of the message.
Thank you.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists