lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <m1mxofa8dg.fsf_-_@fess.ebiederm.org>
Date:	Wed, 08 Dec 2010 20:16:27 -0800
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	David Miller <davem@...emloft.net>
Cc:	stable@...nel.org
Subject: [PATCH] Fix 2.6.34-rc1 regression in  disable_ipv6 support


In a number of instances it is desirable to have systems that run with
ipv6 disabled, but where enabling ipv6 remains an option.  This
has been broken since 2.6.34-rc1.

The problem is failure mode is that after
# ip link set lo up
# echo 1 > /proc/sys/net/ipv6/conf/lo/disable_ipv6
# echo 0 > /proc/sys/net/ipv6/conf/lo/disable_ipv6
# ping6 ::1

The ping and anything similar operations that use the
ipv6 loopback address fail with network not reachable.

This failure mode appears to start with:
   commit dc2b99f71ef477a31020511876ab4403fb7c4420
   Author: stephen hemminger <shemminger@...tta.com>
   Date:   Mon Feb 8 19:48:05 2010 +0000
   
       IPv6: keep permanent addresses on admin down
       
       Permanent IPV6 addresses should not be removed when the link is
       set to admin down, only when device is removed.
       
       When link is lost permanent addresses should be marked as tentative
       so that when link comes back they are subject to duplicate address
       detection (if DAD was enabled for that address).
       
       Other routing systems keep manually configured IPv6 addresses
       when link is set down.
       
       Signed-off-by: Stephen Hemminger <shemminger@...tta.com>
       Signed-off-by: David S. Miller <davem@...emloft.net>

Keeping ipv6 addresses on network interfaces when we bring those
interfaces down is not the fundamental problem.  The real problem is
that there is something about routes and route-caches that make local
ipv6 address unreachable after the loopback interface is brought down,
and then brought up again, and it has been that way since at least
2.6.32.

Finding the real bug is beyond me right now, but fixing the regression
in disable_ipv6 is simple.  We can just delete ::1 when we bring down
the loopback interface, and it will be restored automatically when we
bring the loopback interface back up.

Signed-off-by: "Eric W. Biederman" <ebiederm@...ssion.com>
---
Index: linux-2.6.37-rc5.x86_64/net/ipv6/addrconf.c
===================================================================
--- linux-2.6.37-rc5.x86_64.orig/net/ipv6/addrconf.c
+++ linux-2.6.37-rc5.x86_64/net/ipv6/addrconf.c
@@ -2727,6 +2727,7 @@ static int addrconf_ifdown(struct net_de
 		/* If just doing link down, and address is permanent
 		   and not link-local, then retain it. */
 		if (!how &&
+		    !ipv6_addr_loopback(&ifa->addr) &&
 		    (ifa->flags&IFA_F_PERMANENT) &&
 		    !(ipv6_addr_type(&ifa->addr) & IPV6_ADDR_LINKLOCAL)) {
 			list_move_tail(&ifa->if_list, &keep_list);
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ