lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Wed, 15 Jul 2015 02:13:00 -0400
From:	Valdis Kletnieks <Valdis.Kletnieks@...edu>
To:	hideaki.yoshifuji@...aclelinux.com, ek@...gle.com,
	davem@...emloft.net
Cc:	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: next-20150714 - busted IPv6 source address selection...

next-20150714 w/ one ethernet commit reverted. -0706 w/ same revert works.

"ip addr show" for the wireless says:

5: wlp3s0b1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether bc:85:56:1f:4f:6d brd ff:ff:ff:ff:ff:ff
    inet 172.30.42.75/27 brd 172.30.42.95 scope global dynamic wlp3s0b1
       valid_lft 80952sec preferred_lft 80952sec
    inet6 2601:5c0:c100:9243:449b:a30:2f54:5b/64 scope global temporary dynamic 
       valid_lft 7181sec preferred_lft 1781sec
    inet6 2601:5c0:c100:9243:be85:56ff:fe1f:4f6d/64 scope global mngtmpaddr dynamic 
       valid_lft 7181sec preferred_lft 1781sec
    inet6 fe80::be85:56ff:fe1f:4f6d/64 scope link 
       valid_lft forever preferred_lft forever

but outbound packets have a bogus source address:

23:01:52.938986 IP6 a835::100:0:200:0.41360 > 2001:500:19::1.domain: 41835% [1au] AAAA? c0.info.afilias-nst.info. (53)
23:05:54.131991 IP6 a835::100:0:200:0 > 2001:468:c80:2105:211:43ff:feda:d769: ICMP6, echo request, seq 56, length 64

Interestingly enough, link-local addresses manage to get it wrong
in another fashion:

23:02:52.806011 IP6 fe80::120d:7fff:fe64:ca0b.60625 > ff02::c.ssdp: UDP, length 411

I suspected this commit mostly because it's the only one that seems to
touch source selection recebntly...

commit 9131f3de24db4dc12199aede7d931e6703e97f3b
Author: YOSHIFUJI Hideaki/吉藤英明 <hideaki.yoshifuji@...aclelinux.com>
Date:   Fri Jul 10 16:58:31 2015 +0900

    ipv6: Do not iterate over all interfaces when finding source address on specific interface.

Reverting this commit make things work again.


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ