lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <480AEE5C.4090402@cn.fujitsu.com>
Date:	Sun, 20 Apr 2008 15:18:52 +0800
From:	Wang Chen <wangchen@...fujitsu.com>
To:	David Miller <davem@...emloft.net>
CC:	yoshfuji@...ux-ipv6.org, netdev@...r.kernel.org
Subject: Re: [PATCH] RAW6: Do not allow set IPV6_CHECKSUM for ICMPv6 socket

David Miller said the following on 2008-4-18 19:09:
> From: Wang Chen <wangchen@...fujitsu.com>
> Date: Fri, 18 Apr 2008 18:32:46 +0800
> 
>> As RFC3542 mentions: An attempt to set IPV6_CHECKSUM for an
>> ICMPv6 socket will fail.
>> Add a check for that in do_rawv6_setsockopt().
>>
>> Signed-off-by: Wang Chen <wangchen@...fujitsu.com>
> 
> Enforcing these kinds of things we've allowed for so many years is
> rather pointless, especially if it breaks real applications.  Which I
> believe it does in this case.  The standards simply do not matter.
> 
> I seem to recall that traceroute6 in iputils does exactly this.
> 

Enforcing this can forbid disabling checksum for icmpv6 socket.
The real applications, such as ping6 & traceroute6, are just doing
what is default in kernel.
Why not remove the RFC-breaking code from applications?

See the source:
kernel->rawv6_init_sk()
---
	case IPPROTO_ICMPV6:
		rp->checksum = 1;
		rp->offset   = 2;
		break;
---

ping6->main()
---
	csum_offset = 2;
	sz_opt = sizeof(int);

	err = setsockopt(icmp_sock, SOL_RAW, IPV6_CHECKSUM, &csum_offset, sz_opt);
	if (err < 0) {
		perror("setsockopt(RAW_CHECKSUM)");
		exit(2);
	}
---

traceroute6->main()
---
	on = 2;
	if (setsockopt(icmp_sock, SOL_RAW, IPV6_CHECKSUM, &on, sizeof(on)) < 0) {
		perror("setsockopt(RAW_CHECKSUM)");
		exit(2);
	}
---


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ