| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <396556a20810031531q7ae71d30q4fb7d21334e4c9b@mail.gmail.com> Date: Fri, 3 Oct 2008 15:31:11 -0700 From: "Adam Langley" <agl@...erialviolet.org> To: netdev@...r.kernel.org, "Stephen Hemminger" <shemminger@...tta.com> Subject: IPv6 mapped sockets don't work with TCP MD5 Reported by Stephen: connecting to an IPv6 mapped socket using TCP MD5 fails. This has apparently never worked. Here's the problem: tcp_make_synack (from tcp_output.c) uses the af_specific structure from the struct sock to find the correct function to calculate the signature. In the case of v4/v6 mapped requests, the sock is the listening socket so we end up using the IPv6 signature function. The request sock is of the correct type at this point however. So I'm basically looking for guidance on how I should write the patch here. 1) We could add a calc_hash function pointer to request_sock_ops and use that when building SYNACKs. However, request_socks aren't just used in TCP. 2) We could pass the signature function as an argument to tcp_make_synack since we always call it from a v4/v6 specific place I'm learning towards the second, but whatever wiser heads suggest I'll implement. Cheers AGL -- Adam Langley agl@...erialviolet.org http://www.imperialviolet.org -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists