Date:	Thu, 08 Nov 2007 15:50:52 -0500
From:	Vlad Yasevich <vladislav.yasevich@...com>
To:	Vlad Yasevich <vladislav.yasevich@...com>,
	Andreas Gruenbacher <agruen@...e.de>,
	Jiri Bohac <jbohac@...e.cz>, netdev@...r.kernel.org,
	yoshfuji@...ux-ipv6.org, kkeil@...e.de
Subject: Re: Why does a connect to IPv6 LLA address fail ?

Karsten Keil wrote:
> 
> OK I run into this issue while running the TAHI testsuite. The test is as
> follows:
> 
>   Check 03:
>     DNS Address: fec0::9
>     Candidate Source Addresses: fec0::1(SS) or LLA(LS)
>     Destination Address List: 3fff::2(GS) or fe80::2(LS)
>     Result: fe80::2 (src LLA) then 3fff::2 (src fec0::1)
> 
>     Scope(fe80::2) = Scope(LLA) and Scope(3fff::2) <> Scope(fec0::1), then prefer fe80::2
> 
> the nameserver sends the following answer for the query:
> 
> | | | | DNS_Question                    (length:21)
> | | | | | DNS_QuestionEntry               (length:21)
> | | | | | | Name                             = server.tahi.org.
> | | | | | | Type                             = 28 (AAAA)
> | | | | | | Class                            = 1
> | | | | DNS_Answer                      (length:86)
> | | | | | DNS_RR_AAAA                     (length:43)
> | | | | | | Name                             = server.tahi.org.
> | | | | | | Type                             = 28
> | | | | | | Class                            = 1
> | | | | | | TTL                              = 0
> | | | | | | Length                           = 16
> | | | | | | Address                          = 3fff::2
> | | | | | DNS_RR_AAAA                     (length:43)
> | | | | | | Name                             = server.tahi.org.
> | | | | | | Type                             = 28
> | | | | | | Class                            = 1
> | | | | | | TTL                              = 0
> | | | | | | Length                           = 16
> | | | | | | Address                          = fe80::2
> 
> 
> 
> So how should we handle this issue: claim that the test is wrong, that the
> test should not use LLA for this?
> 

You could argue that a DNS server should not return link-local addresses because there
is no way for the DNS server to specify a correct zone.

I believe this is actually documented somewhere...

-vlad
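
The following is an added example, not part of the thread: it applies the scope-match rule from the quoted test and shows why the preferred fe80::2 answer is still not a usable connect() target until the caller supplies a zone. The function names, the source address fe80::1 and interface index 2 are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Scope values RFC 3484 uses for comparison (link < site < global). */
enum { SCOPE_LINK = 0x2, SCOPE_SITE = 0x5, SCOPE_GLOBAL = 0xe };

/* Parse an address and return its scope, or -1 if the text is not IPv6. */
int scope_of(const char *text, struct in6_addr *out)
{
    struct in6_addr tmp;
    if (!out) out = &tmp;
    if (inet_pton(AF_INET6, text, out) != 1) return -1;
    if (IN6_IS_ADDR_LINKLOCAL(out)) return SCOPE_LINK;
    if (IN6_IS_ADDR_SITELOCAL(out)) return SCOPE_SITE;
    return SCOPE_GLOBAL;
}

/* Scope-match rule from the quoted test: prefer destination A when its scope
 * equals its candidate source's scope and B's does not. */
int prefer_a(const char *da, const char *sa, const char *db, const char *sb)
{
    return scope_of(da, NULL) == scope_of(sa, NULL) &&
           scope_of(db, NULL) != scope_of(sb, NULL);
}

/* Build a connect() target. A AAAA record carries only the 16 address bytes,
 * so the zone must come from the caller (ifindex, e.g. from if_nametoindex()).
 * Returns 0 if usable, -1 on bad text, -2 for link-local with no zone. */
int prepare_dest(const char *text, unsigned ifindex, struct sockaddr_in6 *sa)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin6_family = AF_INET6;
    int scope = scope_of(text, &sa->sin6_addr);
    if (scope < 0) return -1;
    if (scope == SCOPE_LINK) {
        if (ifindex == 0) return -2;   /* ambiguous: which link? */
        sa->sin6_scope_id = ifindex;
    }
    return 0;
}

int main(void)
{
    struct sockaddr_in6 sa;
    /* fe80::1 and ifindex 2 are constructed sample values. */
    printf("prefer fe80::2: %d\n", prefer_a("fe80::2", "fe80::1", "3fff::2", "fec0::1"));
    printf("no zone: %d, zone 2: %d\n", prepare_dest("fe80::2", 0, &sa), prepare_dest("fe80::2", 2, &sa));
    return 0;
}
```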
