lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Wed, 28 Sep 2011 07:13:22 -0700 (PDT)
From:	François-Xavier Le Bail <fx.lebail@...oo.com>
To:	Linux Netdev List <netdev@...r.kernel.org>
Subject: Question about reply to a datagram sent to a Subnet-Router anycast address

Hi All,

I try to ping some routers on one of their Subnet-Router anycast addresses (SRAA).
(http://tools.ietf.org/html/rfc4291#section-2.6.1)

A Linux kernel 3.0 in IPv6 forwarding mode reply with an unicast source address (same subnet prefix).
An Alcatel router reply with the SRAA as source address.

The RFC 4291 removed the restrictions on using IPv6 anycast addresses, so a SRAA may be used as a source address, in a reply.

In the following draft, we have a rationale for the removal of restrictions regarding anycast as source address in RFC 4291 :
(http://tools.ietf.org/html/draft-jabley-v6-anycast-clarify-00#section-3.1)
"3.1 Anycast Source Addresses
   For many conventional services to be distributed using anycast, it is
   necessary for reply datagrams sent from servers to clients to be
   sourced from the same address that was used as the destination in
   request datagrams sent from clients to servers.  When such a service
   is distributed using anycast, the destination address used in request
   datagrams is necessarily an anycast address; corresponding reply
   packets must therefore use the same anycast address as their source
   address.
   Being able to use an anycast address as the source address in an IPv6
   datagram is a prerequisite for the distribution of many services
   using anycast over IPv6."

A SRAA is a special case of anycast address.

Is there a way to setup the Linux kernel to behave like Alcatel router, replying with the SRAA as source address ?

If not, why not update the behaviour of the Linux kernel to configurable ?

Please let me know your feedback.

Thanks,
Francois-Xavier Le Bail







--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ