| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 May 2008 15:21:14 -0400
From: William Seppeler <wrs@...com>
To: linux-kernel@...r.kernel.org
Subject: TAHI IPv6 testing of kernel 2.6.20
I noticed on the TAHI website that kernel.org had the 2.6.20 kernel
certified for IPv6 Ready Logo Phase2 as a router device.
The application was submitted on 20070827 (Application ID:
US-2-C-20070827-000142) and certified on 20070926.
I'm currently testing a 2.6.20 kernel using Self_Test_1.4.14 (performing
Phase2 host testing - ipv6ready_p2_host). It passes all tests except for
one. I'm failing test:
v6LC_2_3_6_G - Redirected to Alternate Router: Invalid (Target Address
is Multicast)
Based on the kernel.org application date, I assume the application was
submitted using TAHI Self_Test_1.4.8. I see from the Self_Test CHANGELOG
that test v6LC_2_3_6_G was modified after the application date:
2007/09/26 Yukiyo Akisada
nd.p2/v6LC_2_3_6_G.def - correct packet definition
Q: Has the kernel.org group retested the 2.6.20 kernel using any of the
recent Self_Test releases? In particular, Self_Test_1.4.14 or greater?
And were there any failures?
As for details into the v6LC_2_3_6_G test failure:
The log shows the test fails due to processing an invalid redirect packet
(ie: it's a negative test). The redirect packet contains a multicast
address as a target address. RFC2461 (p.26) doesn't explicitly state this
is invalid:
Target Address
An IP address that is a better first hop to use for
the ICMP Destination Address. When the target is
the actual endpoint of communication, i.e., the
destination is a neighbor, the Target Address field
MUST contain the same value as the ICMP Destination
Address field. Otherwise the target is a better
first-hop router and the Target Address MUST be the
router's link-local address so that hosts can
uniquely identify routers.
But the test does appear to make sense based on the last sentence. The
linux kernel I'm testing shows an echo response trying to use the
multicast address from the redirect packet as it's first hop. This is
what causes the test to fail. The expectation is that the linux kernel
would ignore the redirect packet entirely.
As stated, this is the ONLY test in the whole Phase2 test suite that
fails. I understand the failure, but I don't understand how the 2.6.20
kernel is Phase2 certified. At least not with the current Self_Test test
suite.
Q: Has anyone else had issues in getting the 2.6.20 kernel to pass all
TAHI IPv6 Ready Logo Phase2 tests?
Please CC answers to wrs@...com
Thank You,
========================================
William Seppeler
Test Engineer
Performance Technologies Inc.
205 Indigo Creek Dr.
Rochester, NY 14626
Phone: (585) 256-0200, Fax: (585) 256-0791
Email: wrs@...com, Web: www.pt.com
========================================
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists