lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTi=01koVqt6YR0LQi53Nx0E=7UT1TFVNL44TwAR4@mail.gmail.com>
Date:	Fri, 13 Aug 2010 12:34:29 -0500
From:	Steve Chen <schen@...sta.com>
To:	Brian Haley <brian.haley@...com>
Cc:	usagi-users-ctl@...linux-ipv6.org, netdev@...r.kernel.org
Subject: Re: TAHI CN-6-4-1 failed on Linux 2.6.32 kernel

On Thu, Aug 12, 2010 at 9:23 PM, Brian Haley <brian.haley@...com> wrote:
> On 08/12/2010 07:04 PM, Steve Chen wrote:
>> On Thu, Aug 12, 2010 at 4:10 PM, Brian Haley <brian.haley@...com> wrote:
>>> Hi Steve,
>>>
>>> On 07/28/2010 11:20 PM, Steve Chen wrote:
>>>> Hello,
>>>>
>>>> The TAHI correspondent node tests CN-6-4-1 (Processing in upper layer
>>>> - Echo Checksum) failed for me in the 2.6.32 kernel.  It appears that
>>>> the Linux kernel is replying the ICMP echo request in
>>>> icmpv6_echo_reply without much checking.  Is this an intentional
>>>> non-conformance to RFC3775 section 9.3.1?
>>>
>>> Sorry for the late reply.  I've run these tests in the past against
>>> SLES11 (2.6.27 ?) back in January 2009 and this one passed from looking
>>> at my logs.  I don't have that system around anymore to check the config,
>>> etc.  I didn't see any obvious commit that would have broken it from a
>>> quick look, do you have a test setup to do some debugging?  It will
>>> take a little time for me to re-configure mine to run this test.
>>
>> Brian,
>>
>> I'm using mip6d from git://www.umip.org/git/umip.git commit id
>> d1c240f3deb690af902ce1ff128780551ff6141c.  Is that the correct version
>> to use?  Looking at the kernel code again, the checksum error should
>> have been caught in icmpv6_rcv.  There are probably something wrong
>> with my setup.  I'll dig around a bit more.
>
> The system has long since been dismantled, so I'm not sure what version
> of mip6d I used.  Yes, icmpv6_rcv() does check for checksum errors, it
> would be good to print-out three addresses to see which one is which,
> in case they weren't swapped correctly or something.  It would be good
> to know what value skb->ip_summed was too, as a start.

It appears that skb->ip_summed is always 1 (CHECKSUM_UNNECESSARY).
I'm using e1000e.  Looking at the driver, there is a checksum offload
hardware.  I think the code is doing frame check on the entire
Ethernet packet.  Since no error was found, it assume everything
inside is correct.
>
>> Tests 5-3-1 to 5-3-6 also failed for me.   Did they pass for you?
>
> I had no failures, but 5 warnings (2-1-6, 2-3-11, 4-7-1, 5-4-2, and
> 6-3-1).  I'll see if I can get a CN test run done on my current
> config.
>

All these tests passed without warnings for me.  However, I do see
warnings on 2-3-10-2 and 6-2-2 with my setup.

Steve
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ