| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Oct 2014 03:13:54 +0000 From: "Cheng (LC) Li" <chengli@...adcom.com> To: "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: RE: Issue about dst spoofed in case of IPv6 RD (Rapid Deployment) After moving from Linux kernel 3.8.3 to 3.14.13, I have the dst spoofed issue when testing IPv6 RD (Rapid Deployment). The console output below error message and the ping reply pack is dropped. sit: Dst spoofed 10.149.6.128/2001:db8:ac10:1::1 -> 172.16.0.192/2001:db8:ac10:c0:d59d:4649:8244:6dfd In my testing, I created an 6rd tunnel on the CE router: sit1: ipv6/ip remote any local 172.16.0.192 ttl 64 6rd-prefix 2001:db8::/32 6rd-relay_prefix 10.149.6.128/32 Correspondingly, there was a 6rd tunnel on the server sit1: ipv6/ip remote any local 10.149.6.128 ttl 64 6rd-prefix 2001:db8::/32 172.16.0.192 is the IPv4 address of my CE router, 10.149.6.128 is the address of the BR. 6rd prefix is 2001:db8::/32. After looking into the linux kernel file, linux\net\ipv6\sit.c, I suspect the function static bool check_6rd(struct ip_tunnel *tunnel, const struct in6_addr *v6dst, __be32 *v4dst) misbehave. It get the IPv4 destination IP by *v4dst = tunnel->ip6rd.relay_prefix | htonl(d); But I think it should get the IPv4 destination IP by getting it from IPv6 destination IP address per rfc5569. Can anybody please help confirm this is a kernel issue or not? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists