lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 22 Jan 2007 20:39:24 +0200
From:	Mika Penttilä <mika.penttila@...umbus.fi>
To:	Neil Horman <nhorman@...driver.com>
Cc:	yoshfuji@...ux-ipv6.org, davem@...emloft.net, kuznet@....inr.ac.ru,
	pekkas@...core.fi, jmorris@...ei.org, kaber@...eworks.de,
	netdev@...r.kernel.org
Subject: Re: [PATCH] IPv6: Implement RFC 4429 Optimistic Duplicate Address
 Detection

Neil Horman wrote:
> On Sat, Jan 20, 2007 at 08:05:07AM +0900, YOSHIFUJI Hideaki / 吉藤英明 wrote:
>   
>> Hello.
>>
>> In article <20070119212314.GA10748@...reliant.homelinux.net> (at Fri, 19 Jan 2007 16:23:14 -0500), Neil Horman <nhorman@...driver.com> says:
>>
>>     
>>> Patch to Implement IPv6 RFC 4429 (Optimistic Duplicate Address Detection).  In
>>>       
>> Good work.  We will see if this would break core and basic ipv6 code.
>> Dave, please hold on.
>>
>> Some quick comments.
>> --yoshfuji
>>     
> <snip>
>
> Reposted patch, with your suggestions/corrections incorporated.  The only thing
> I left alone was your last comment regarding the checking of saddr for being a
> unicast address.  According to the RFC as I read it, its possible to receive
> valid neighbor soliciations with a source address that is the unspecified
> address, which I didn't think ipv6_addr_type flagged as being unicast.  Now it
> may be that such NS messages are discarded before arriving at that recieve
> routine, but I was figuring better safe than sorry.  If you're sufficiently
> confident that we won't see non-unicast saddrs there, let me know and I'll
> happily remove that as well.
>
> Thanks & Regards
> Neil
>
> NTATIVE) {
> +
> +		if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
>  			/* Address is tentative. If the source
> -			   is unspecified address, it is someone
> -			   does DAD, otherwise we ignore solicitations
> -			   until DAD timer expires.
> +			   is unspecified address, someone else
> +			   is doing DAD, and if its not us, then
> +			   we need to fail our own DAD
> +			   RFC 4429 Sec 3.3
>  			 */
>  			if (!dad)
>  				goto out;
> @@ -816,8 +845,20 @@ static void ndisc_recv_ns(struct sk_buff *skb)
>  					goto out;
>  				}
>  			}
> -			addrconf_dad_failure(ifp); 
> -			return;
> +
> +			/* The one exception to the above rule about 
> +			   optimistic addresses is that we need to always 
> +			   respond to an NS from a unicast address if we are
> +			   optimistic. RFC 4429 Sec 3.3.  If (unicast
> +			   and optimistic) are false then we can just fail
> +			   dad now.
> +			*/
> +			type = ipv6_addr_type(saddr);			
> +			if (!((ifp->flags & IFA_F_OPTIMISTIC) && 
> +			    (type & IPV6_ADDR_UNICAST))) {
> +				addrconf_dad_failure(ifp); 
> +				return;
> +			}
>  		}
>   
I think you should remove / modify the :
if (!dad)
    goto out;

which makes the rfc4429 tests not functional.

--Mika




-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ