lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 23 Feb 2010 08:46:40 -0800
From:	Stephen Hemminger <shemminger@...tta.com>
To:	Shan Wei <shanwei@...fujitsu.com>
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [RFC] IPv6: don't forward unspecified frames

On Tue, 23 Feb 2010 13:11:33 +0800
Shan Wei <shanwei@...fujitsu.com> wrote:

> Stephen Hemminger wrote, at 02/23/2010 09:31 AM:
> > This showed up during UNH IPv6 conformance tests. It appears kernel
> > incorrectly forwards packets with unspecified source address.
> 
> Which case? Is it about spec.p2#18 of IPv6 Ready Logo Phase 2?
> I don't see the phenomenon from spec.p2#18 case.

The kernel is 2.6.31 and it has that code section in ip6_forward.
I am inprocess of trying to reproduce the result.

The test case in question is V6LC.1.1.10C


 IP Forwarding – Source and Destination Address – Intermediate Node (Routers Only)
 Purpose: Verify that a node properly forwards the ICMPv6 Echo Requests.
 Comments on Test Procedure
A. Request sent to Global Unicast address: TN2 transmits an ICMPv6 Echo Request to TN1’s Global unicast address with a first hop through the RUT. The source address is TN2’s Global address.
B. Request sent to Global Unicast address (prefix end in zero-valued fields): TN2 transmits an ICMPv6 Echo Request to TN1’s Global unicast address (prefix 8000:0000::/64) with a first hop through the RUT. The source address is TN2’s Global address.
>>> C. Request sent from unspecified address: TN2 transmits an ICMPv6 Echo Request to TN1 with a first hop through the RUT. The source address is the unspecified address (0:0:0:0:0:0:0:0).
D. Request sent to Lookback address: TN2 transmits an ICMPv6 Echo Request to the Lookback address (0:0:0:0:0:0:0:1) with a first hop through the RUT. The source address is TN2’s Global address.
E. Request sent from Link Local address: TN2 transmits an ICMPv6 Echo Request to TN1 with a first hop through the RUT. The source address is TN2’s Link Local address.
F. Request sent to Link Local address: TN2 transmits an ICMPv6 Echo Request to TN1’s Link Local address with a first hop through the RUT. The source address is TN2’s Global address.
G. Request sent to Site-Local address: TN2 transmits an ICMPv6 Echo Request to TN1’s Site-local address with a first hop through the RUT. The source address is TN2’s Global address.
H. Request sent to Global Scope multicast address: Configure multicast routing on the RUT. TN1 is a Lis-tener for the multicast group FF1E::1:2. TN2 transmits an ICMPv6 Echo Request to TN1’s Global Scope multicast address (FF1E::1:2) with a first hop through the RUT. The source address is TN2’s Global ad-dress.
I. Request sent to Link-local Scope multicast address: Configure multicast routing on the RUT. TN1 is a Lis-tener for the multicast group FF12::1:2. TN2 transmits an ICMPv6 Echo Request to TN1’s Link-Local Scope multicast address (FF12::1:2) with a first hop through the RUT. The source address is TN2’s Global address.
J. Request sent to Multicast address (Reserved Value = 0):Configure multicast routing on the RUT. TN1 is a Listener for the multicast group FF10::1:2. TN2 transmits an ICMPv6 Echo Request to multicast address with a reserved field set to zero (FF10::1:2) with a first hop through the RUT. The source address is TN2’s Global address.
K. Request sent to Multicast address (Reserved Value = F): Configure multicast routing on the RUT. TN1 is a Listener for the multicast group FF1F::1:2. 29. TN2 transmits an ICMPv6 Echo Request to TN1 multicast address with a reserved field set to zero (FF1F::1:2) with a first hop through the RUT. The source address is TN2’s Global address.

 Comments on Test Results
A. The RUT must forward the Echo Request from TN2 to TN1 with a first hop through the TR1.
B. The RUT must forward the Echo Request from TN2 to TN1 with a first hop through the TR1.
>>>C. The RUT forwarded the Echo Request from TN2.
According to RFC 4291 Section 2.5.2: “An IPv6 packet with a source address of unspecified must never be forwarded by an IPv6 router.”
Therefore the RUT should not have forwarded the Echo Request from TN2.
D. The RUT must not forward the Echo Request from TN2.
E. The RUT must not forward the Echo Request from TN2.
F. The RUT must not forward the Echo Request from TN2.
G. The RUT must forward the Echo Request from TN2 to TR1.
H. The RUT must forward the Echo Request from TN2 to TN1 with a first hop through TR1.
I. The RUT must not forward the Echo Request from TN2.
J. The RUT must not forward the Echo Request from TN2.
K. The RUT must forward the Echo Request from TN2 to TN1 with a first hop through the RUT.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ