lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <49C1AD56.5000608@hp.com>
Date:	Wed, 18 Mar 2009 22:26:30 -0400
From:	Vlad Yasevich <vladislav.yasevich@...com>
To:	David Miller <davem@...emloft.net>
CC:	chuck.lever@...cle.com, netdev@...r.kernel.org
Subject: Re: IPv6 address printf format specifier

David Miller wrote:
> From: Vlad Yasevich <vladislav.yasevich@...com>
> Date: Mon, 16 Mar 2009 13:13:00 -0400
> 
>> Chuck Lever wrote:
>>> The NFS and RPC code in the kernel now uses the new printf format
>>> specifier for IPv6 addresses.  In some cases, the generated address
>>> string is sent out of the kernel (for example, it is used to build a
>>> universal address for RPCB_SET requests, and used as the mon_name in
>>> some SM_MON upcalls to our rpc.statd).
>>>
>>> The problem is that outside the kernel, applications generally use
>>> getnameinfo(3) or inet_ntop(3) to do this conversion.  The library
>>> follows the RFC suggestion of shortening these address strings by
>>> replacing the longest series of zeroes in the IPv6 address with "::".
>>>
>>> Since the kernel doesn't do that, string comparisons don't work when
>>> comparing address strings that came from our kernel.  Since these
>>> address strings appear to other hosts (via the rpcbind registry) this
>>> is, or could become, an interoperability issue for Linux.
>>>
>>> How should I fix this?
>>>
>>> 1.  Copy glibc's code to the printf logic for %pI6
>> I think this is the optimum solution.  This normalizes kernel output
>> with that of user-space thus creating a uniform format.
>>
>> My $0.02
> 
> Then you'll break cases where this string is output via
> some /proc/ file or whatever and it expects the existing
> behavior.
> 
> I don't think we can do this.
> 

Ugh... you are right.  Changing the formating across the board is a non-starter,
as much as I would still like to see it.

Upon rereading Chunk's text and re-reading RFC 2732 and RFC 4291, I've come
to the conclusion that any application that attempts to compare textual
representations of IPv6 addresses is misguided at best.

There are multiple different forms of presenting addresses, all of which
are valid and non of which will provide for sting equality.  Regardless of
how we represent our IPv6 addresses, there is a chance that it will cause
interoperability issues and the only way to truly solve it is to change
applications to compare addresses in their true numerical representation.

-vlad
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ