| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Aug 2013 18:09:38 +0200
From: Daniel Borkmann <dborkman@...hat.com>
To: davem@...emloft.net
Cc: netdev@...r.kernel.org, David Stevens <dlstevens@...ibm.com>,
Hannes Frederic Sowa <hannes@...essinduktion.org>
Subject: [PATCH net-next] net: ipv6: mldv1/v2: fix switchback timeout to rfc3810, 9.12.
i) RFC3810, 9.2. Query Interval [QI] says:
The Query Interval variable denotes the interval between General
Queries sent by the Querier. Default value: 125 seconds. [...]
ii) RFC3810, 9.3. Query Response Interval [QRI] says:
The Maximum Response Delay used to calculate the Maximum Response
Code inserted into the periodic General Queries. Default value:
10000 (10 seconds) [...] The number of seconds represented by the
[Query Response Interval] must be less than the [Query Interval].
iii) RFC3810, 9.12. Older Version Querier Present Timeout [OVQPT] says:
The Older Version Querier Present Timeout is the time-out for
transitioning a host back to MLDv2 Host Compatibility Mode. When an
MLDv1 query is received, MLDv2 hosts set their Older Version Querier
Present Timer to [Older Version Querier Present Timeout].
This value MUST be ([Robustness Variable] times (the [Query Interval]
in the last Query received)) plus ([Query Response Interval]).
Hence, on default the timeout results in:
[RV] = 2, [QI] = 125sec, [QRI] = 10sec
[OVQPT] = [RV] * [QI] + [QRI] = 260sec
Having that said, we currently calculate [OVQPT] (here given as 'switchback'
variable) as ...
switchback = (idev->mc_qrv + 1) * max_delay
Looking at bridging multicast code for MLDv1, we can see that [QRI] resp.
Maximum Response Delay is encoded into mld->mld_maxdelay, so getting [QRI]
in MLDv1 the way we do is correct, but [QI] does not appear in our current
switch back variant. Side note: briding code will set its timers as follows:
...
br->multicast_query_response_interval = 10 * HZ;
br->multicast_startup_query_interval = 125 * HZ / 4;
br->multicast_query_interval = 125 * HZ;
...
Concluding, the current behaviour in IPv6's multicast code is not conform
to the RFC as switch back is calculated wrongly. That is, it has a too small
value, so MLDv2 hosts switch back again to MLDv2 way too early.
On the other hand, RFC3810, 9.12. says "the [Query Interval] in the last Query
received". In section "9.14. Configuring timers", it is said:
This section is meant to provide advice to network administrators on
how to tune these settings to their network. Ambitious router
implementations might tune these settings dynamically based upon
changing characteristics of the network. [...]
iv) RFC38010, 9.14.2. Query Interval:
The overall level of periodic MLD traffic is inversely proportional
to the Query Interval. A longer Query Interval results in a lower
overall level of MLD traffic. The value of the Query Interval MUST
be equal to or greater than the Maximum Response Delay used to
calculate the Maximum Response Code inserted in General Query
messages.
I assume that is why switchback is calculated as is (3 * max_delay), although
this setting seems to be meant for routers only to configure their [QI]
interval for non-default intervals.
Also again, looking at the 'opposite site' in bridging code, the following
is happening: If a bridge sends out a query itself via br_multicast_send_query(),
multicast_query_timer is reset with br->multicast_query_interval (if we're not
in startup), that is on default 125 * HZ.
Therefore, when an MLDv1 query is received fix it up to use the default
timeout of 125 * HZ (as we also have in bridging code for intervals
queries are sent).
Next to that, a follow-up patch after the fix could make MLD_QI_DEFAULT tunable
per idev.
Introduced in 06da92283 ("[IPV6]: Add MLDv2 support.").
Signed-off-by: Daniel Borkmann <dborkman@...hat.com>
Cc: David Stevens <dlstevens@...ibm.com>
Cc: Hannes Frederic Sowa <hannes@...essinduktion.org>
---
- I chose net-next as this is not something critical such as fixing a panic.
- Note, commit 06da92283 is in linux-history tree.
- David Stevens, it would be great if you could comment on this. :)
net/ipv6/mcast.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index 98ead2b..4b0aa5a 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -108,6 +108,8 @@ static int ip6_mc_leave_src(struct sock *sk, struct ipv6_mc_socklist *iml,
struct inet6_dev *idev);
#define MLD_QRV_DEFAULT 2
+/* RFC3810, 9.2. Query Interval */
+#define MLD_QI_DEFAULT (125 * HZ)
/* RFC3810, 8.1 Query Version Distinctions */
#define MLD_V1_QUERY_LEN 24
@@ -1150,11 +1152,24 @@ int igmp6_event_query(struct sk_buff *skb)
return -EINVAL;
if (len == MLD_V1_QUERY_LEN) {
+ int mc_qi = MLD_QI_DEFAULT;
int switchback;
/* MLDv1 router present */
+ /* RFC3810, 9.12. Older Version Querier Present Timeout:
+ *
+ * The Older Version Querier Present Timeout is the time-out
+ * for transitioning a host back to MLDv2 Host Compatibility
+ * Mode. When an MLDv1 query is received, MLDv2 hosts set
+ * their Older Version Querier Present Timer to [Older Version
+ * Querier Present Timeout].
+ *
+ * This value MUST be ([Robustness Variable] times (the
+ * [Query Interval] in the last Query received)) plus
+ * ([Query Response Interval]).
+ */
max_delay = msecs_to_jiffies(ntohs(mld->mld_maxdelay));
- switchback = (idev->mc_qrv + 1) * max_delay;
+ switchback = idev->mc_qrv * mc_qi + max_delay;
idev->mc_v1_seen = jiffies + switchback;
/* cancel the interface change timer */
--
1.7.11.7
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists