| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Dec 2007 17:34:11 -0500
From: Brian Haley <brian.haley@...com>
To: David Stevens <dlstevens@...ibm.com>
Cc: David Miller <davem@...emloft.net>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
Subject: Re: [PATCH] [IPv6]: IPV6_MULTICAST_IF setting is ignored on link-local
connect()
David Stevens wrote:
> Brian Haley <brian.haley@...com> wrote on 12/18/2007 12:57:54 PM:
>
>> Trying to connect() to an IPv6 link-local multicast address by
>> specifying the outgoing multicast interface doesn't work, you have to
>> bind to a device first with an SO_BINDTODEVICE setsockopt() call.
Other OSes allow this operation, like FreeBSD, Tru64 UNIX and Solaris.
> No, you simply have to specify sin6_scope_id for link-scope
> addresses, like you do in unicast cases.
But isn't this why IPV6_MULTICAST_IF exists? So you don't have to bind
to an interface or use the scope id? RFC 3493 does not mention having
to set a scope id in order to send multicast packets:
IPv6 applications may send multicast packets by simply specifying an
IPv6 multicast address as the destination address, for example in the
destination address argument of the sendto() function.
> Your patch requires them
> to match (if specified), but I don't think IPV6_MULTICAST_IF should
> override or require a match for a valid sin6_scope_id (or be an error).
The patch won't override sk_bound_dev_if, or sin6_scope_id, it's a last
resort for link-local multicast. As far as matching, I think they
should if you set both SO_BINDTODEVICE/sin6_scope_id and
IPV6_MULTICAST_IF. I can relax that check if you like.
The one thing my patch does do is set sk_bound_dev_if, which it never
did - that seemed like the right thing to do since that's what the scope
id path does, and makes sure we always continue to use this interface.
> If I read it correctly, the existing code uses IPV6_MULTICAST_IF
> if the sin6_scope_id is not set, otherwise honors the interface specified
> in the connect. That seems like correct behaviour to me, and RFC 3493
> doesn't address the relative precedence of the two that I see. This is
> in the "linklocal" branch, and all unicast linklocal's require specifying
> sin6_scope_id. Multicast doesn't if require a scope_id in the case where
> you've done an IPV6_MULTICAST_IF, but it should still allow a different
> scope_id when you have used IPV6_MULTICAST_IF.
The IPV6_ADDR_MULTICAST check is inside the sin6_scope_id if()
statement, so will never get checked if the scope hasn't been specified,
that's the bug. Since that isn't required for multicast we always get
an EINVAL here.
> Do you have application code that you believe is correct that
> doesn't work?
Yes, a customer does.
-Brian
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists