lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200903041849.48474.mail@saschahlusiak.de>
Date:	Wed, 4 Mar 2009 18:49:41 +0100
From:	Sascha Hlusiak <mail@...chahlusiak.de>
To:	David Miller <davem@...emloft.net>
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCH] Assign linklocal addresses to isatap from link dev

> > That way stateless autoconf works with isatap tunnels and without
> > knowledge of the local v4 address.
>
> Real autoconf is not performed, but rather you must configure your
> system with a PRL (potential routers list) and these routers are
> probed periodically in order to keep track of which of them are still
> functioning and also to perform a sort-of unicast-only autoconf.
Well, since ISATAP is just a SIT, it still needs a link local address for 
autoconf and it needs to have it's v4 Address embedded in the lowest 32 bit of 
the linklocal address. It will then do normal autoconf with the potential 
router by sending a proper router solicitation messages, either directed or 
multicast.

I see that the current implementation disables sending of RS when on ISATAP, 
which is not correct because RS are needed to do the autoconf.

At least that's the way the implementation in MS Windows works.

> I am pretty sure that the person who added the ISATAP code created the
> current behavior intentionally.
Well, the current implementation does not cover clients at all, because 
the ip command refuses to create tunnels without the remote parameter, which 
is neccessary because it's the potential router.

It then does not derive the linklocal address correctly, making it impossible 
to do autoconf with the server. Using SIT does work as such as you still need 
to add the correct ISATAP linklocal address to the interface. 

I think ISATAP Client support in Linux could be more automated.


- Sascha

Download attachment "signature.asc " of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ