lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <58075d86-b43a-4d58-bf64-c29418f99143@linux.alibaba.com>
Date: Tue, 10 Dec 2024 15:07:04 +0800
From: Guangguan Wang <guangguan.wang@...ux.alibaba.com>
To: Halil Pasic <pasic@...ux.ibm.com>, Wenjia Zhang <wenjia@...ux.ibm.com>
Cc: jaka@...ux.ibm.com, alibuda@...ux.alibaba.com, tonylu@...ux.alibaba.com,
 guwen@...ux.alibaba.com, davem@...emloft.net, edumazet@...gle.com,
 kuba@...nel.org, pabeni@...hat.com, horms@...nel.org,
 linux-rdma@...r.kernel.org, linux-s390@...r.kernel.org,
 netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
 Dust Li <dust.li@...ux.alibaba.com>
Subject: Re: [PATCH net-next v2 2/2] net/smc: support ipv4 mapped ipv6 addr
 client for smc-r v2



On 2024/12/10 04:44, Halil Pasic wrote:
> On Mon, 9 Dec 2024 20:36:45 +0800
> Guangguan Wang <guangguan.wang@...ux.alibaba.com> wrote:
> 
>>> I believe we would like to have a v3 here. Also I'm not sure
>>> checking on saddr is sufficient, but I didn't do my research on
>>> that question yet.
>>>
>>> Regards,
>>> Halil  
>>
>> Did you mean to research whether the daddr should be checked too?
> 
> Right! Or is it implied that if saddr is a ipv4 mapped ipv6 addr
> then the daddr must be ipv4 mapped ipv6 addr as well?
> 
> Regards,
> Halil

I did a test by iperf3:
A server with IPV4 addr 11.213.5.33/24 and real IPV6 addr 2012::1/64.
A client with IPV4 addr 11.213.5.5/24 and real IPV6 addr 2012::2/64.
iperf3 fails to run when server listen on IPV6 addr and client connect
to server using IPV4 mapped IPV6 addr. commands show below:
server: smc_run iperf3 -s -6 -B 2012::1
client: smc_run iperf3 -t 10 -c 2012::1 -6 -B ::ffff:11.213.5.5

Failure happened due to the connect() function got the errno -EAFNOSUPPORT,
I also located the kernel code where the -EAFNOSUPPORT is returned
(https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/tree/net/ipv6/ip6_output.c#:~:text=err%20%3D%20%2DEAFNOSUPPORT%3B).
The call stack is:
ip6_dst_lookup_tail+1
ip6_dst_lookup_flow+55
tcp_v6_connect+743
__inet_stream_connect+181
inet_stream_connect+59
kernel_connect+109
smc_connect+239
__sys_connect+179
__x64_sys_connect+26
do_syscall_64+112
entry_SYSCALL_64_after_hwframe+118

The kernel code mentioned above restricts that when the saddr is ipv4
mapped ipv6 addr, the daddr should be either ipv4 mapped ipv6 addr or
ipv6_addr_any(::). As far as I know, the ipv6_addr_any daddr is used
to connect to a server listen on ipv6_addr_any(::) by loopback connection.

Thus, based on the test and the code, I think it has the restrict that for
SMC-Rv2 if saddr is a ipv4 mapped ipv6 addr then the daddr must be
ipv4 mapped ipv6 addr as well.

Thanks,
Guangguan Wang

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ