lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 10 Feb 2015 08:18:03 -0800
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	"Steinar H. Gunderson" <sgunderson@...foot.com>
Cc:	netdev@...r.kernel.org
Subject: Re: Kernel sends ICMP unreachable for GRE packets even if there is
 a listening socket

On Tue, 2015-02-10 at 08:09 -0800, Eric Dumazet wrote:
> On Tue, 2015-02-10 at 16:24 +0100, Steinar H. Gunderson wrote:
> > [Resent from Bugzilla]
> > 
> > Hi,
> > 
> > I have a userspace GRE listener, which opens a raw socket (error handling removed):
> > 
> >         int gresock = socket(AF_INET6, SOCK_RAW, IPPROTO_GRE);
> >         bind(gresock, (sockaddr *)&my_addr, sizeof(my_addr));
> > 
> > and then select()s and recvfrom()s on it, as well as sendto().
> > 
> > This works great. I can send and receive GRE packets. However, Linux _also_
> > sends ICMPv6 unreachables when the other end sends to me. I assume this is
> > because I don't have a corresponding kernel GRE tunnel interface. (I don't use
> > the kernel GRE because I want, among others, stronger reordering functionality
> > and possibly error correction, which is not in any standard.)
> > 
> > Can this be suppressed when I have such a socket giong? ip6tables -A OUTPUT can
> > stop them, but it seems very hacky and kludgy.
> 
> Thats because you loaded ip6_gre maybe ?

Not clear why we even bother sending ICMP in ipv6, while we do nothing
in ipv4 similar case

diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index bc28b7d42a6dab05abee80d4fa84c102d92ca91f..8ff364b93bc2909253a6a0ef7268fc2dfb92c77c 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -572,7 +572,6 @@ static int ip6gre_rcv(struct sk_buff *skb)
 
 		return 0;
 	}
-	icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0);
 
 drop:
 	kfree_skb(skb);


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ