Message-ID: <58ad78a8-f84c-4249-b95c-e74d3edf1149@redhat.com>
Date: Thu, 3 Apr 2025 09:54:35 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: gaoxingwang <gaoxingwang1@...wei.com>, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org, davem@...emloft.net, kuznet@....inr.ac.ru,
 yoshfuji@...ux-ipv6.org, David Ahern <dsahern@...nel.org>
Cc: kuba@...nel.org, yanan@...wei.com
Subject: Re: [Discuss]ipv6: send ns packet while dad

Adding David,

On 4/2/25 2:12 PM, gaoxingwang wrote:
> I have an RFC-related question when using ipv6.
> 
> Configure an IPv6 address on network adapter A. The IP address is being used for DAD and is unavailable.
> In this case, the application sends an NS packet to resolve the tentative IP address. The target address
> in the multicast packet contains the tentative IP address, and the source address is set to the link-local address.
> Is this allowed to be sent? Does it contradict the following description in the RFC 4862?
> (https://datatracker.ietf.org/doc/html/rfc4862#section-5.4)
> 
>> Other packets addressed to the
>> tentative address should be silently discarded.  Note that the "other
>> packets" include Neighbor Solicitation and Advertisement messages
>> that have the tentative (i.e., unicast) address as the IP destination
>> address and contain the tentative address in the Target Address field.
> 
> Or is this description just for receiving packets?

Yes, AFAICT the above paragraph refers to incoming packets targeting the
tentative address. Outgoing NS packets must include the tentative address
in the target field, otherwise DaD can't work.

> The actual problem I encountered was that when proxy ND was enabled
> on the switch, the reply ND packet would cause the dad to fail. 

I think more details on the problematic scenario could help. Who is
sending the ND reply? Who is performing DaD? Possibly a diagram could help.

thanks,

Paolo
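
The send and receive cases discussed in this thread, as an added example that is not part of the original messages and is not kernel code: it follows RFC 4862 sections 5.4.2 and 5.4.3 plus the quoted section 5.4 paragraph. The function names, the `from_self` flag and the 2001:db8:: and fe80:: addresses are constructed for illustration.

```python
import ipaddress
from enum import Enum

UNSPECIFIED = ipaddress.IPv6Address("::")
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

class Verdict(Enum):
    PROCESS_RFC4861 = "target is not tentative: normal RFC 4861 processing"
    DISCARD_TO_TENTATIVE = "IP destination is the tentative address: silently discard"
    IGNORE_ADDRESS_RESOLUTION = "unicast source: sender is resolving the target, ignore"
    DAD_OWN_LOOPBACK = "our own DAD probe looped back: not a duplicate"
    DAD_DUPLICATE = "another node is running DAD on the address: duplicate"

def solicited_node(addr):
    """Solicited-node multicast group: ff02::1:ff00:0/104 plus the low 24 bits."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)

def build_dad_ns(tentative):
    """Header fields of an outgoing DAD probe (RFC 4862 section 5.4.2)."""
    target = ipaddress.IPv6Address(tentative)
    # Source is unspecified because the tentative address may not be used yet.
    return {"src": UNSPECIFIED, "dst": solicited_node(target), "target": target}

def classify_incoming_ns(src, dst, target, tentative_addrs, from_self=False):
    """Receiver-side decision for an NS that already passed RFC 4861 validation.

    from_self is a hypothetical flag: the caller sets it when the packet is the
    node's own multicast probe looped back.
    """
    src, dst, target = (ipaddress.IPv6Address(a) for a in (src, dst, target))
    tentative = {ipaddress.IPv6Address(a) for a in tentative_addrs}
    if target not in tentative:
        return Verdict.PROCESS_RFC4861
    if dst == target:                 # the "other packets" case quoted above
        return Verdict.DISCARD_TO_TENTATIVE
    if src != UNSPECIFIED:            # a valid NS source is unicast or unspecified
        return Verdict.IGNORE_ADDRESS_RESOLUTION
    return Verdict.DAD_OWN_LOOPBACK if from_self else Verdict.DAD_DUPLICATE

if __name__ == "__main__":
    tent = "2001:db8::1234:5678"      # constructed tentative address
    probe = build_dad_ns(tent)
    print("DAD probe:", probe)
    # NS with a link-local source and the tentative address as target
    print(classify_incoming_ns("fe80::1", probe["dst"], tent, [tent]).value)
    # NS with the unspecified source, sent by another node
    print(classify_incoming_ns("::", probe["dst"], tent, [tent]).value)
```

In every branch where the target is tentative, the receiving node sends no Neighbor Advertisement: section 5.4.3 states that a node must not respond to a solicitation for a tentative address.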

