lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 12 May 2008 14:08:09 +0300
From:	"Rami Rosen" <roszenrami@...il.com>
To:	"Andy Johnson" <johnsonzjo@...il.com>
Cc:	"David Shwatrz" <dshwatrz@...il.com>, netdev@...r.kernel.org,
	"YOSHIFUJI Hideaki / 吉藤英明" 
	<yoshfuji@...ux-ipv6.org>
Subject: Re: A question about setting the net device for multicast forwarding in IPv4 and in IPv6

Hi,


>If you will try to change it thus:
>echo "1" >  /proc/sys/net/ipv4/conf/eth0/mc_forwarding
>you will get:
...

To be more accurate, the MRT_INIT option when calling
setsockopt() sets multicast forwarding on /proc/sys/net/ipv4/conf/all
but **not** on /proc/sys/net/ipv4/conf/eth0.

>User space daemons (like xorp) will set
>/proc/sys/net/ipv4/conf/all/mc_forwarding  to 1
>(because they call setsockopt with MRT_INIT, which calls
>IPV4_DEVCONF_ALL(sock_net(sk), MC_FORWARDING)++;
>in ip_mroute_setsockopt(), as you mentioned


This is true; but user space daemons (like xorp) also set
/proc/sys/net/ipv4/conf/eth0/mc_forwarding  to 1. (or other eth*).
And this is done also via setsockopt(); but this time it is done
**NOT**with MRT_INIT but with MRT_ADD_VIF, which calls
IPV4_DEVCONF(in_dev->cnf, MC_FORWARDING)++
in vif_add(). (net/ipv4/ipmr.c).

Regards,
Rami Rosen





On Mon, May 12, 2008 at 11:57 AM, Andy Johnson <johnsonzjo@...il.com> wrote:
> Hello, David,
>
>   - I wanted to note that there is one more difference I had noted
>  between IPv4 and IPv6
>  regarding multicast forwarding:
>
>   - In IPv4, mc_forwarding is disabled by default (the value is 0). If
>  you will try to change it thus:
>  echo "1" >  /proc/sys/net/ipv4/conf/eth0/mc_forwarding
>  you will get:
>
>  /proc/sys/net/ipv4/conf/eth0/mc_forwarding: Permission denied.
>
>  ls -al /proc/sys/net/ipv4/conf/eth0/mc_forwarding
>  will show:
>  -r--r--r-- 1 root root 0 ...
>
>  But:
>   chmod 666  /proc/sys/net/ipv4/conf/eth0/mc_forwarding
>  gives:
>
>  chmod 666  /proc/sys/net/ipv4/conf/eth0/mc_forwarding
>  chmod: changing permissions of
>  `/proc/sys/net/ipv4/conf/eth0/mc_forwarding': Operation not permitted
>
>  User space daemons (like xorp) will set
>  /proc/sys/net/ipv4/conf/all/mc_forwarding  to 1
>  (because they call setsockopt with MRT_INIT, which calls
>
> IPV4_DEVCONF_ALL(sock_net(sk), MC_FORWARDING)++;
>  in ip_mroute_setsockopt(), as you mentioned.
>
>   In IPV6, this does not happen.
>
>  In IPV6, Multicast Routing is also disabled by default.
>
>  **But **
>
>  echo "1" >  /proc/sys/net/ipv6/conf/all/mc_forwarding
>  **does** work and **does not** give an error (as in IPV4).
>
>  I wonder what is the reason for it ? Or maybe it should be changed to
>  have the same behaviour both in IPV6 and IPV4?
>
>  Regards,
>  Andy
>
>
>
>
>
>
>
>
>  On Tue, May 6, 2008 at 4:38 PM, David Shwatrz <dshwatrz@...il.com> wrote:
>  > Hi,
>  >  I had noticed that in IPV4 we set the net device for multicast
>  > forwarding in case
>  > it is not already configured so, when the user space app calls
>  > setsockopt() with MRT_INIT;
>  > this is done by calling IPV4_DEVCONF_ALL(sock_net(sk), MC_FORWARDING)++;
>  > in ip_mroute_setsockopt(); (net/ipv4/ipmr.c).
>  >
>  > On the other hand, the parallel method in IPv6 does **not** performs
>  > such action, as can be seen
>  > from ip6_mroute_setsockopt() in net/ipv6/ip6mr.c.
>  >
>  > My question is : is there any special for it to be so? (In case it
>  > should be also in IPv6, I will happy to send such a patch).
>  >
>  > Best Regards,
>  > DS
>  > --
>  > To unsubscribe from this list: send the line "unsubscribe netdev" in
>  > the body of a message to majordomo@...r.kernel.org
>  > More majordomo info at  http://vger.kernel.org/majordomo-info.html
>  >
>  --
>  To unsubscribe from this list: send the line "unsubscribe netdev" in
>  the body of a message to majordomo@...r.kernel.org
>  More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ