lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4E304DCA.503@earthlink.net>
Date:	Wed, 27 Jul 2011 13:41:30 -0400
From:	Stephen Clark <sclark46@...thlink.net>
To:	Andi Kleen <andi@...stfloor.org>
CC:	tgraf@...radead.org, davem@...emloft.net, ak@...ux.intel.com,
	linux-kernel@...r.kernel.org, stable@...nel.org,
	tim.bird@...sony.com, stable@...r.kernel.org
Subject: Re: [PATCH] [10/98] ipv6: add special mode accept_ra=2 to accept
 RA while configured as router

On 07/26/2011 08:35 PM, Andi Kleen wrote:
> 2.6.35-longterm review patch.  If anyone has any objections, please let me know.
>
> ------------------
> From: Thomas Graf<tgraf@...radead.org>
>
> [ upstream commit 65e9b62d4503849b10bedfc29bff0473760cc597 ]
>
> The current IPv6 behavior is to not accept router advertisements while
> forwarding, i.e. configured as router.
>
> This does make sense, a router is typically not supposed to be auto
> configured. However there are exceptions and we should allow the
> current behavior to be overwritten.
>
> Therefore this patch enables the user to overrule the "if forwarding
> enabled then don't listen to RAs" rule by setting accept_ra to the
> special value of 2.
>
> An alternative would be to ignore the forwarding switch alltogether
> and solely accept RAs based on the value of accept_ra. However, I
> found that if not intended, accepting RAs as a router can lead to
> strange unwanted behavior therefore we it seems wise to only do so
> if the user explicitely asks for this behavior.
>
> Signed-off-by: Thomas Graf<tgraf@...radead.org>
> Signed-off-by: David S. Miller<davem@...emloft.net>
> Signed-off-by: Andi Kleen<ak@...ux.intel.com>
>
> Index: linux-2.6.35.y/net/ipv6/ndisc.c
> ===================================================================
> --- linux-2.6.35.y.orig/net/ipv6/ndisc.c
> +++ linux-2.6.35.y/net/ipv6/ndisc.c
> @@ -1105,6 +1105,18 @@ errout:
>   	rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
>   }
>
> +static inline int accept_ra(struct inet6_dev *in6_dev)
> +{
> +	/*
> +	 * If forwarding is enabled, RA are not accepted unless the special
> +	 * hybrid mode (accept_ra=2) is enabled.
> +	 */
> +	if (in6_dev->cnf.forwarding&&  in6_dev->cnf.accept_ra<  2)
> +		return 0;
> +
> +	return in6_dev->cnf.accept_ra;
> +}
> +
>   static void ndisc_router_discovery(struct sk_buff *skb)
>   {
>   	struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
> @@ -1158,8 +1170,7 @@ static void ndisc_router_discovery(struc
>   		return;
>   	}
>
> -	/* skip route and link configuration on routers */
> -	if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra)
> +	if (!accept_ra(in6_dev))
>   		goto skip_linkparms;
>
>   #ifdef CONFIG_IPV6_NDISC_NODETYPE
> @@ -1309,8 +1320,7 @@ skip_linkparms:
>   			     NEIGH_UPDATE_F_ISROUTER);
>   	}
>
> -	/* skip route and link configuration on routers */
> -	if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra)
> +	if (!accept_ra(in6_dev))
>   		goto out;
>
>   #ifdef CONFIG_IPV6_ROUTE_INFO
>
>    
Hi Andi,

I only saw patches upto 38/98 so I don't know whether the following is 
also included but it should be.
It is a corresponding patch to the one above.

author    Thomas Graf <tgraf@...radead.org>
Fri, 3 Sep 2010 03:04:20 +0000 (03:04 +0000)
committer    David S. Miller <davem@...emloft.net>
Fri, 3 Sep 2010 16:43:14 +0000 (09:43 -0700)
commit    c3bccac2fa76f1619dfe4fb7b9bee69de7f066d8
tree    f2271f01bae9c3d5c0557a550d62757b0061bf63    tree | snapshot
parent    65e9b62d4503849b10bedfc29bff0473760cc597    commit | diff
ipv6: add special mode forwarding=2 to send RS while configured as router

Similar to accepting router advertisement, the IPv6 stack does not send 
router
solicitations if forwarding is enabled.

This patch enables this behavior to be overruled by setting forwarding 
to the
special value 2.

-

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ