Message-Id: <8CB45EFE0258939-2F30-B18@webmail-stg-d07.sysops.aol.com>
Date: Fri, 16 Jan 2009 07:48:33 -0500
From: jpo234@...scape.net
To: andi@...stfloor.org
Cc: netdev@...r.kernel.org
Subject: Re: Sending complete IPv6 packets without bypassing netfilter/IPsec

Andi,
I read the rationale in RFC 3542. Unfortunately this makes the following
assumptions:

1) You know the IP protocol value when you open the socket. This is not
   true in my case because I get packets from a tun device.
2) Packet injection using packet sockets/libpcap provides the same
   functionality. Bad luck that this completely bypasses IPsec and
   netfilter.

To overcome 1) I would have to strip off the IPv6 header and then have a
separate socket for every next-header value I might encounter. Not very
appealing.

I know I'm partial right now, but at least the suggestion in the RFC that
"some other technique, such as the datalink interfaces BPF or DLPI, must
be used" is misguided.

Regards
Joerg

-----Original Message-----
From: Andi Kleen <andi@...stfloor.org>
To: jpo234@...scape.net
Cc: netdev@...r.kernel.org
Sent: Fri, 16 Jan 2009 1:18 pm
Subject: Re: Sending complete IPv6 packets without bypassing netfilter/IPsec

jpo234@...scape.net writes:

> Hello all,
> the IPv4 socket interface had the nifty IP_HDRINCL option. It seems
> that an IPv6 version of this option is not available. The proposed
> solution for this seems to be to use libpcap to inject the
> packet. Unfortunately this completely bypasses both netfilter and
> IPsec. So, am I lost or is there a way to do what I want/need?

The theory (the same on IPv4) is that the socket options
should allow you to specify everything legal you could put into an IPv6
header by hand.

-Andi

--
ak@...ux.intel.com -- Speaking for myself only.
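
The workaround described in point 1) above, sketched in C as an added example that is not code from the thread or from the kernel: strip the fixed IPv6 header from a packet read off a tun device, then send the payload through a raw socket opened for that next-header value, re-applying the hop limit with a socket option. `split_ipv6`, `send_via_stack` and `raw_fd` are hypothetical names, and a Linux host with CAP_NET_RAW is assumed.

```c
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#define IPV6_HDR_LEN 40

struct split_pkt {               /* fields taken from the fixed IPv6 header */
    uint8_t next_header;         /* becomes the raw socket's protocol */
    int hop_limit;               /* re-applied with IPV6_UNICAST_HOPS */
    struct sockaddr_in6 dst;     /* becomes the sendto() destination */
    const uint8_t *payload;      /* bytes after the 40-byte header */
    size_t payload_len;
};

/* Returns 0 on success, -1 if buf is not a well-formed IPv6 packet. */
int split_ipv6(const uint8_t *buf, size_t len, struct split_pkt *out)
{
    if (len < IPV6_HDR_LEN || (buf[0] >> 4) != 6)
        return -1;
    size_t plen = ((size_t)buf[4] << 8) | buf[5];
    if (plen > len - IPV6_HDR_LEN)      /* length field must fit the buffer */
        return -1;
    memset(out, 0, sizeof(*out));       /* leaves sin6_port at 0 */
    out->next_header = buf[6];
    out->hop_limit = buf[7];
    out->dst.sin6_family = AF_INET6;
    memcpy(&out->dst.sin6_addr, buf + 24, 16);
    out->payload = buf + IPV6_HDR_LEN;
    out->payload_len = plen;
    return 0;
}

static int raw_fd[256];   /* fd + 1 per next-header value; 0 = not opened */

/* Sends through the normal output path instead of a packet socket.
 * Not handled here: extension headers and the original source address. */
ssize_t send_via_stack(const uint8_t *buf, size_t len)
{
    struct split_pkt p;
    if (split_ipv6(buf, len, &p) < 0)
        return -1;
    int *slot = &raw_fd[p.next_header];
    /* socket() returns -1 on failure, so the slot stays 0 (unopened) */
    if (*slot == 0 && (*slot = socket(AF_INET6, SOCK_RAW, p.next_header) + 1) == 0)
        return -1;
    setsockopt(*slot - 1, IPPROTO_IPV6, IPV6_UNICAST_HOPS,
               &p.hop_limit, sizeof(p.hop_limit));
    return sendto(*slot - 1, p.payload, p.payload_len, 0,
                  (struct sockaddr *)&p.dst, sizeof(p.dst));
}
```
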