lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 3 Oct 2008 15:31:11 -0700
From:	"Adam Langley" <agl@...erialviolet.org>
To:	netdev@...r.kernel.org, "Stephen Hemminger" <shemminger@...tta.com>
Subject: IPv6 mapped sockets don't work with TCP MD5

Reported by Stephen: connecting to an IPv6 mapped socket using TCP MD5
fails. This has apparently never worked.

Here's the problem: tcp_make_synack (from tcp_output.c) uses the
af_specific structure from the struct sock to find the correct
function to calculate the signature. In the case of v4/v6 mapped
requests, the sock is the listening socket so we end up using the IPv6
signature function. The request sock is of the correct type at this
point however.

So I'm basically looking for guidance on how I should write the patch here.

1) We could add a calc_hash function pointer to request_sock_ops and
use that when building SYNACKs. However, request_socks aren't just
used in TCP.
2) We could pass the signature function as an argument to
tcp_make_synack since we always call it from a v4/v6 specific place

I'm learning towards the second, but whatever wiser heads suggest I'll
implement.


Cheers

AGL

-- 
Adam Langley agl@...erialviolet.org http://www.imperialviolet.org
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists