| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTi=01koVqt6YR0LQi53Nx0E=7UT1TFVNL44TwAR4@mail.gmail.com> Date: Fri, 13 Aug 2010 12:34:29 -0500 From: Steve Chen <schen@...sta.com> To: Brian Haley <brian.haley@...com> Cc: usagi-users-ctl@...linux-ipv6.org, netdev@...r.kernel.org Subject: Re: TAHI CN-6-4-1 failed on Linux 2.6.32 kernel On Thu, Aug 12, 2010 at 9:23 PM, Brian Haley <brian.haley@...com> wrote: > On 08/12/2010 07:04 PM, Steve Chen wrote: >> On Thu, Aug 12, 2010 at 4:10 PM, Brian Haley <brian.haley@...com> wrote: >>> Hi Steve, >>> >>> On 07/28/2010 11:20 PM, Steve Chen wrote: >>>> Hello, >>>> >>>> The TAHI correspondent node tests CN-6-4-1 (Processing in upper layer >>>> - Echo Checksum) failed for me in the 2.6.32 kernel. It appears that >>>> the Linux kernel is replying the ICMP echo request in >>>> icmpv6_echo_reply without much checking. Is this an intentional >>>> non-conformance to RFC3775 section 9.3.1? >>> >>> Sorry for the late reply. I've run these tests in the past against >>> SLES11 (2.6.27 ?) back in January 2009 and this one passed from looking >>> at my logs. I don't have that system around anymore to check the config, >>> etc. I didn't see any obvious commit that would have broken it from a >>> quick look, do you have a test setup to do some debugging? It will >>> take a little time for me to re-configure mine to run this test. >> >> Brian, >> >> I'm using mip6d from git://www.umip.org/git/umip.git commit id >> d1c240f3deb690af902ce1ff128780551ff6141c. Is that the correct version >> to use? Looking at the kernel code again, the checksum error should >> have been caught in icmpv6_rcv. There are probably something wrong >> with my setup. I'll dig around a bit more. > > The system has long since been dismantled, so I'm not sure what version > of mip6d I used. Yes, icmpv6_rcv() does check for checksum errors, it > would be good to print-out three addresses to see which one is which, > in case they weren't swapped correctly or something. It would be good > to know what value skb->ip_summed was too, as a start. It appears that skb->ip_summed is always 1 (CHECKSUM_UNNECESSARY). I'm using e1000e. Looking at the driver, there is a checksum offload hardware. I think the code is doing frame check on the entire Ethernet packet. Since no error was found, it assume everything inside is correct. > >> Tests 5-3-1 to 5-3-6 also failed for me. Did they pass for you? > > I had no failures, but 5 warnings (2-1-6, 2-3-11, 4-7-1, 5-4-2, and > 6-3-1). I'll see if I can get a CN test run done on my current > config. > All these tests passed without warnings for me. However, I do see warnings on 2-3-10-2 and 6-2-2 with my setup. Steve -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists