lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20100814161329.GA3258@albatros>
Date:	Sat, 14 Aug 2010 20:13:29 +0400
From:	Vasiliy Kulikov <segooon@...il.com>
To:	Marek Lindner <lindner_marek@...oo.de>
Cc:	Linus Lüssing <linus.luessing@....de>,
	Greg Kroah-Hartman <gregkh@...e.de>,
	Andrew Lunn <andrew@...n.ch>,
	Sven Eckelmann <sven.eckelmann@....de>,
	Simon Wunderlich <siwu@....tu-chemnitz.de>,
	devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org
Subject: Re: batman-adv: design suggestions

On Sat, Aug 14, 2010 at 16:59 +0200, Marek Lindner wrote:
> On Friday 13 August 2010 20:18:33 Vasiliy Kulikov wrote:
> > d) Why do you send icmp TTL exceeded for the icmp itself? E.g. in case
> > of loop or/and small default TTL you'll probably get a storm of icmps.
> > Exactly in this case IP silently drops TTL exceeded icmps ;)
> 
> These layer2 icmp packets are not ordinary icmp packets.

By the way, it's better to name it smth another (bcmp?) as ICMP = _internet_
control message protocol. Batman is not limited to IP however ;)

> We needed to provide 
> a mechanism to make the network topology visible to debug tools like ping or 
> traceroute which normally "see" no more than one hop as they operate on 
> layer3. Hence, batman-adv does not send an icmp packet for each payload TTL 
> exceeded but for traceroute only.

Ah, dammit! I didn't see this code:

	if (icmp_packet->msg_type != ECHO_REQUEST) {
		pr_warning("Warning - can't forward icmp packet from %pM to "
			   "%pM: ttl exceeded\n", icmp_packet->orig,
			   icmp_packet->dst);
		return NET_RX_DROP;
	}

I thought that any expired icmp spawns TTL exceeded icmp that may spawn
another one, etc.

> I recommend reviewing the traceroute code to 
> understand how this is supposed to work:
> http://www.open-mesh.org/browser/trunk/batctl/traceroute.c

Thanks, I'll look at it.

> 
> I'd be interested to learn about a problematic scenario in which this 
> mechanism breaks.

Now I don't know anyone too ;)

> 
> Regards,
> Marek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ