| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Apr 2010 20:47:30 -0400
From: Vlad Yasevich <vladislav.yasevich@...com>
To: Paul Gortmaker <paul.gortmaker@...driver.com>
CC: netdev@...r.kernel.org
Subject: Re: [PATCH] Fix SCTP failure with ipv6 source address routing
Paul Gortmaker wrote:
> From: Weixing Shi <Weixing.Shi@...driver.com>
>
> Given the below test case, using source address routing, SCTP
> does not work.
>
> Node-A:
> 1)ifconfig eth0 inet6 add 2001:1::1/64
> 2)ip -6 rule add from 2001:1::1 table 100 pref 100
> 3)ip -6 route add 2001:2::1 dev eth0 table 100
> 4)sctp_darn -H 2001:1::1 -P 250 -l &
>
> Node-B:
> 1)ifconfig eth0 inet6 add 2001:2::1/64
> 2)ip -6 rule add from 2001:2::1 table 100 pref 100
> 3)ip -6 route add 2001:1::1 dev eth0 table 100
> 4)sctp_darn -H 2001:2::1 -P 250 -h 2001:1::1 -p 250 -s
>
> Root cause:
> Node-A and Node-B use source address routing, and in the
> begining, the source address will be NULL. So SCTP will search
> the routing table by the destination address (because it is using
> the source address routing table), and hence the resulting dst_entry
> will be NULL.
>
> Solution:
> After SCTP gets the correct source address, then we search for
> dst_entry again, and then we will get the correct value.
The problem here is that ipv6 route lookup code in sctp doesn't bother
searching for the source address, unlike the v4 route lookup code.
Compare sctp_v4_get_dst() and sctp_v6_get_dst. The v4 version bends over
backwards trying to get the correct route, while the v6 version simple does
a single lookup and returns the result.
The v6 route lookup code needs to be fixed to take into account the bound
address list.
-vlad
>
> Signed-off-by: Weixing Shi <Weixing.Shi@...driver.com>
> Signed-off-by: Paul Gortmaker <paul.gortmaker@...driver.com>
> ---
> net/sctp/transport.c | 11 +++++++++--
> 1 files changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/net/sctp/transport.c b/net/sctp/transport.c
> index be4d63d..b5ae18c 100644
> --- a/net/sctp/transport.c
> +++ b/net/sctp/transport.c
> @@ -295,9 +295,16 @@ void sctp_transport_route(struct sctp_transport *transport,
>
> if (saddr)
> memcpy(&transport->saddr, saddr, sizeof(union sctp_addr));
> - else
> + else {
> af->get_saddr(opt, asoc, dst, daddr, &transport->saddr);
> -
> + /* When using source address routing, since dst was
> + * looked up prior to filling in the source address, dst
> + * needs to be looked up again to get the correct dst
> + */
> + if (dst)
> + dst_release(dst);
> + dst = af->get_dst(asoc, daddr, &transport->saddr);
> + }
> transport->dst = dst;
> if ((transport->param_flags & SPP_PMTUD_DISABLE) && transport->pathmtu) {
> return;
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists