lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 18 Jun 2018 11:02:46 -0400
From:   valdis.kletnieks@...edu
To:     netdev@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org
Subject: 4.14.(44->48) IPv6 RA issue?

So I'm trying to troubleshoot an issue on an OpenWRT/Lede based
router, where IPv6 connectivity totally fails. I've bisected it down to:

git log --oneline 187da94808a634477b5e5a69109ea0c566dfa64b..73d8a6ab7668173d70adbed45b61be5256c505e
73d8a6ab7668 (refs/bisect/bad) base-files: fix UCI config parsing and callback handling
e52f3e9b1376 kernel: bump 4.14 to 4.14.48
7590c3c58f5e (HEAD) scripts: Replace obsolete POSIX tmpnam in slugimage.pl with File::Temp function
987900f2de76 hostapd: properly build hostapd-only SSL variants

and am pretty sure that it's the kernel bump (works with a 4.14.44 kernel,
breaks with 4.14.48) as the other 3 commits don't go anywhere near IPv6 handling.

Symptoms:
With a good kernel, 'ip -6 neigh' reports:

ip -6 neigh
2601:5c0:c001:4341:2116:22ff:b17b:7cd6 dev wlan1 lladdr bc:85:56:1f:4f:6d REACHABLE
fe80::201:5cff:fe6f:1a46 dev eth1 lladdr 00:01:5c:6f:1a:46 router REACHABLE
fe80::9325:3b21:5021:fbd8 dev eth0 lladdr b8:27:eb:f7:0b:20 REACHABLE
fe80::2d9:d1ff:fed9:51a3 dev eth0 lladdr 00:d9:d1:d9:51:a3 REACHABLE

With a bad one, I get:

ip -6 neigh
fe80::be85:56ff:fe1f:4f6d dev wlan1 lladdr bc:85:56:1f:4f:6d STALE
fe80::2d9:d1ff:fed9:51a3 dev eth0 lladdr 00:d9:d1:d9:51:a3 STALE
fe80::9325:3b21:5021:fbd8 dev eth0 lladdr b8:27:eb:f7:0b:20 DELAY
2601:5c0:c001:4341:2116:22ff:b17b:7cd6 dev wlan1 lladdr bc:85:56:1f:4f:6d REACHABLE
fe80::201:5cff:fe6f:1a46 dev eth1  INCOMPLETE

Note that eth1 is the uplink towards my ISP.  I've pointed a 'tcpdump -n -i eth1 ip6'
at it, and see plenty of RA packets come in, but neighbor discovery never completes.
Looking at the Changelogs for .45->.50 don't show any smoking-gun patches.

This ring any bells, before I delve deeper into it?

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ