Date:	Thu, 17 Mar 2011 10:29:10 +0000
From:	David Woodhouse <dwmw2@...radead.org>
To:	netdev@...r.kernel.org
Cc:	"Yuniverg, Michael" <michael.yuniverg@...el.com>,
	"Yedvab, Nadav" <nadav.yedvab@...el.com>
Subject: SO_BINDTODEVICE inconsistency between IPv4 and IPv6

We've discovered strange behaviour when we listen on in6addr_any and use
SO_BINDTODEVICE to bind to the lo device.

We can connect to any IPv4 address that is local to the machine, on any
interface. (This is true whether we listen on AF_INET6/in6addr_any and
accept IPv4 connections on the IPv6 socket, or whether we just listen on
AF_INET/INADDR_ANY).

The IPv6 behaviour is different — the only IPv6 address that we can
connect to is ::1.

See attached test case, which listens with SO_BINDTODEVICE as described.
Note that it needs to be run as root because SO_BINDTODEVICE is a
privileged operation.

Why this difference? Ideally, we want the Legacy IP behaviour to happen
for IPv6 too; we want local clients to be able to connect to *any* local
IP address to talk to our service, but we don't want to accept
connections from the outside.

[root@...book dwmw2]# uname -a
Linux macbook.infradead.org 2.6.35.11-83.fc14.x86_64 #1 SMP Mon Feb 7 07:06:44 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
[root@...book dwmw2]# ./port -port  9999 &
Attempt to listening at port: 9999 ...successfully binded local
Block until interrupted by a signal (Ctrl+C or kill) ...
[1] 26839
[root@...book dwmw2]# host macbook
macbook.infradead.org has address 90.155.92.212
macbook.infradead.org has IPv6 address 2001:8b0:10b:1:216:eaff:fe05:bbb8
[root@...book dwmw2]# telnet 90.155.92.212 9999
Trying 90.155.92.212...
Connected to macbook.infradead.org (90.155.92.212).
Escape character is '^]'.
^]close

telnet> close
Connection closed.
[root@...book dwmw2]# telnet 127.0.0.1 9999
Trying 127.0.0.1...
Connected to macbook.infradead.org (127.0.0.1).
Escape character is '^]'.
^]close

telnet> close
Connection closed.
[root@...book dwmw2]# telnet ::1 9999
Trying ::1...
Connected to macbook.infradead.org (::1).
Escape character is '^]'.
^]close

telnet> close
Connection closed.
[root@...book dwmw2]# telnet 2001:8b0:10b:1:216:eaff:fe05:bbb8 9999
Trying 2001:8b0:10b:1:216:eaff:fe05:bbb8...
telnet: connect to address 2001:8b0:10b:1:216:eaff:fe05:bbb8: Connection refused
telnet: Unable to connect to remote host: Connection refused
[root@...book dwmw2]# ip -6 route list table local
local ::1 via :: dev lo  proto none  metric 0  mtu 16436 rtt 10ms rttvar 10ms cwnd 3 advmss 16376 hoplimit 0
local 2001:8b0:10b:1:216:eaff:fe05:bbb8 via :: dev lo  proto none  metric 0  mtu 16436 advmss 16376 hoplimit 0
local fe80::216:eaff:fe05:bbb8 via :: dev lo  proto none  metric 0  mtu 16436 advmss 16376 hoplimit 0
ff02::1 via ff02::1 dev wlan0  metric 0 
    cache  mtu 1500 advmss 1440 hoplimit 0
ff00::/8 dev wlan0  metric 256  mtu 1500 advmss 1440 hoplimit 0
[root@...book dwmw2]# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:22:41:2d:31:0a brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:16:ea:05:bb:b8 brd ff:ff:ff:ff:ff:ff
    inet 90.155.92.212/26 brd 90.155.92.255 scope global wlan0
    inet6 2001:8b0:10b:1:216:eaff:fe05:bbb8/64 scope global dynamic 
       valid_lft 294sec preferred_lft 114sec
    inet6 fe80::216:eaff:fe05:bbb8/64 scope link 
       valid_lft forever preferred_lft forever
4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether b2:5e:9d:17:67:ce brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
5: virbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 16:7e:11:12:43:09 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global virbr1
7: vpn0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1266 qdisc pfifo_fast state UNKNOWN qlen 500
    link/none 
    inet 10.255.16.41/22 brd 10.255.19.255 scope global vpn0

-- 
dwmw2

View attachment "port.c" of type "text/x-csrc" (4463 bytes)
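The archive page does not reproduce the attached port.c, so the following is an added reproducer written for this page, not the author's test case. It builds the listener the post describes (AF_INET6 socket, in6addr_any, IPV6_V6ONLY off so IPv4 clients are accepted, SO_BINDTODEVICE set to "lo", which is why it must run as root) and then attempts a plain TCP connect to every address given on the command line, so the connect results for 127.0.0.1, ::1 and the global IPv4/IPv6 addresses can be compared on any kernel. The function names and the interface name "lo" are this example's own choices.

```c
/* Added reproducer, not the post's attached port.c: dual-stack listener on
 * in6addr_any bound to "lo" via SO_BINDTODEVICE (needs root), then one TCP connect per address. */
#define _GNU_SOURCE           /* Linux-specific: SO_BINDTODEVICE, struct addrinfo */
#include <arpa/inet.h>
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Listen on [::]:0 with IPv4 accepted; ifname NULL skips SO_BINDTODEVICE. Returns fd or -errno. */
int make_listener(const char *ifname, uint16_t *port_out) {
    struct sockaddr_in6 sa = { .sin6_family = AF_INET6 };   /* sin6_addr stays :: */
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET6, SOCK_STREAM, 0), zero = 0;
    if (fd < 0 || setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &zero, sizeof zero) < 0 ||
        (ifname && setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname) + 1) < 0) ||
        bind(fd, (struct sockaddr *)&sa, len) < 0 || listen(fd, 8) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {   /* learn the ephemeral port */
        int e = errno; if (fd >= 0) close(fd); return -e;
    }
    *port_out = ntohs(sa.sin6_port);
    return fd;
}

/* Blocking connect to a numeric addr:port: 0 on success, -EINVAL if the literal does not parse, else -errno. */
int try_connect(const char *addr, uint16_t port) {
    struct addrinfo hints = { .ai_flags = AI_NUMERICHOST | AI_NUMERICSERV,
                              .ai_socktype = SOCK_STREAM }, *ai;   /* picks AF_INET or AF_INET6 */
    char svc[6]; snprintf(svc, sizeof svc, "%u", (unsigned)port);
    if (getaddrinfo(addr, svc, &hints, &ai) != 0) return -EINVAL;
    int fd = socket(ai->ai_family, SOCK_STREAM, 0);
    int rc = (fd < 0 || connect(fd, ai->ai_addr, ai->ai_addrlen) < 0) ? -errno : 0;
    if (fd >= 0) close(fd);
    freeaddrinfo(ai);
    return rc;
}

int main(int argc, char **argv) {   /* usage: ./probe 127.0.0.1 ::1 <global v4> <global v6> */
    uint16_t port; int lfd = make_listener("lo", &port);
    if (lfd < 0) return fprintf(stderr, "listener: %s\n", strerror(-lfd)), 1;
    for (int i = 1; i < argc; i++) {
        int rc = try_connect(argv[i], port);
        printf("%-40s %s\n", argv[i], rc ? strerror(-rc) : "connected");
    }
    return close(lfd);
}
```

Run it as root with the addresses from `ip addr list`; each line reports "connected" or the connect() error, so the IPv4/IPv6 asymmetry the post describes shows up directly as "Connection refused" on the global IPv6 address.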
