| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1324379424-18055-1-git-send-email-gaofeng@cn.fujitsu.com>
Date: Tue, 20 Dec 2011 19:10:24 +0800
From: Gao feng <gaofeng@...fujitsu.com>
To: netdev@...r.kernel.org
Cc: davem@...emloft.net, Wang xingtong <wangxingtong@...fujitsu.com>
Subject: [PATCH V2] IPv6 : add multicast routing verify which net_device is lo
In currently routing subsystem, when we lookup a multicast routing
to send muticast packets to outside, rt6_device_match will return
the rt6_info which it's match first. If we add a multicast route on
loopback devices beforce the others interface, rt6_device_match will
retrun the rt6_info which rt6i_dev->name is "lo". But, obviously,
we can't send a muticast packet to outside using loopback devices.
It case all multicast packets blocking.
Commit 4af04aba93f47699e disabled kernel add multicast route on lo
automatically. However, we can't surmise the routing-add order or
interdict add multicast routing on loopback devices in user space.
The bug still exist. So, i think, more stronger routing subsystem is
necessary.
Signed-off-by: Wang xingtong <wangxingtong@...fujitsu.com>
---
net/ipv6/route.c | 19 ++++++++++++++++---
1 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index b582a0a..d6663ca 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -334,9 +334,16 @@ static inline struct rt6_info *rt6_device_match(struct net *net,
struct rt6_info *local = NULL;
struct rt6_info *sprt;
- if (!oif && ipv6_addr_any(saddr))
+ if (!oif && ipv6_addr_any(saddr)){
+ if (unlikely(rt->rt6i_dev->flags & IFF_LOOPBACK &&
+ ipv6_addr_is_multicast(&rt->rt6i_dst.addr))){
+ rt=rt->dst.rt6_next;
+ goto match;
+ }
goto out;
+ }
+match:
for (sprt = rt; sprt; sprt = sprt->dst.rt6_next) {
struct net_device *dev = sprt->rt6i_dev;
@@ -355,9 +362,15 @@ static inline struct rt6_info *rt6_device_match(struct net *net,
local = sprt;
}
} else {
- if (ipv6_chk_addr(net, saddr, dev,
- flags & RT6_LOOKUP_F_IFACE))
+ if (ipv6_addr_any(saddr)){
+ if (unlikely(rt->rt6i_dev->flags & IFF_LOOPBACK &&
+ ipv6_addr_is_multicast(&rt->rt6i_dst.addr)))
+ continue;
return sprt;
+ }
+ else if (ipv6_chk_addr(net, saddr, dev,
+ flags & RT6_LOOKUP_F_IFACE))
+ return sprt;
}
}
--
1.7.1
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists